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^ . Abstract 

O . We present a two-level theory to formalize constructive mathematics as advocated in a previous 

paper with G. Sambin |MS05) . 

One level is given by an intensional type theory, called Minimal type theory. This theory extends 
the set-theoretic version introduced in [MS05] with collections. 

The other level is given by an extensional set theory that is interpreted in the first one by means 
of a quotient model. 

' This two-level theory has two main features: it is minimal among the most relevant foundations 

I for constructive mathematics; it is constructive thanks to the way the extensional level is linked 

• , to the intensional one which fulfills the "proofs-as-programs" paradigm and acts as a programming 

i-C ' language. 
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^ ■ 1 Introduction 

, In a previous paper with G. Sambin |MS05| we argued about the necessity of building a foundation 

' for constructive mathematics to be taken as a common core among relevant existing foundations in 

axiomatic set theory, such as Aczel-Myhill's CZF theory |AR| . or in category theory, such as the internal 
theory of a topos (for example in [MaiOSp . or in type theory, such as Martin-Lof's type theory [NPS90| 
and Coquand's Calculus of Inductive Constructions ' Coq90| . 

There we also argued what it means for a foundation to be constructive. The idea is that a foundation 
to develop mathematics is constructive if it satisfies the "proofs-as-programs" paradigm, namely if it 
enjoys a realizability model where to extract programs from proofs. If such a semantics is defined in terms 
of Kleene realizability |Tv88| . then the foundation turns out to be consistent with the formal Church 
^ ' thesis (for short CT) and the axiom of choice (for short AC). In |MS05j we took such a consistency 

property as our formal notion of "proofs-as-programs" foundation. This notion appears very technical 
in comparison with the intuitive proofs-as-programs paradigm. Actually, one of our aims is to explore 
which commonly conceived proofs-as-programs theories satisfy our formal notion of consistency with CT 
and AC together. 

To this purpose in [MS05| . we first noticed that theories satisfying extensional properties, like exten- 
sionality of functions, can not satisfy our proofs-as-programs requirement. This is due to the well known 
result by Troelstra |Tro77| that in intuitionistic arithmetics on finite types extensionality of functions is 
inconsistent with CT-I-AC (see |TvD88j or , Bee85j ). At present, only theories presented in terms of an 
intensional type theory, such as Martin-Lof's one in [NPS90| . seem to fit into our paradigm. 

This led us to conclude that in a proofs-as-programs theory one can only represent extensional 
concepts by modelling them via intensional ones in a suitable way, for example as done in [SV98i, ,Alt99l 
lAMS07llHHffl7] . 
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Therefore in ( MS05j we ended up to call constructive a theory equipped with two levels: with an 
intensional level that acts as a programming language and is the actual proofs-as-programs theory; with 
an extcnsional level that acts as the set theory where to formalize mathematical proofs. 

Then, the constructivity of the whole foundation relies on the fact that the extcnsional level must be 
implemented over the intensional level, but not only. Indeed, following Sambin's forget-restore principle 
in |SV98| we require that extensional concepts must be abstractions of intensional ones as result of 
forgetting irrelevant computational information. Such information are then restored when we implement 
extensional concepts back at the intensional level. Here we push forward this by saying that the needed 
extensional concepts can be obtained by just abstracting over equalities of intensional ones. Hence, 
it is sufficient to build a quotient model over the intensional theory in order to be able to implement 
the extensional level in the intensional one. In this paper we present an example of such a two-level 
constructive foundation that is also minimal among the most relevant constructive ones. 

Intensional level. The intensional level of our two-level foundation is essentially obtained by 
extending the typed calculus introduced in MS05 , and called Minimal Type Theory (for short mTT), 
with the notion of "collection" and corresponding constructors needed to implement the power collection 
of a set as quotient. The notion of "collection" we adopt corresponds to that of "type" in |NPS90| . We 
still call mTT such an extension. 

Then, the original fragment of Minimal Type Theory in [MS05j essentially represents the set-theoretic 
part of the mTT version presented here, called mTT^et. We say "essentially" because here we adopt 
a version of type theory with explicit substitution rules and without the S^-rule for lambda-terms as in 
\Mar75l 

The reason to adopt such a modified version is due to the fact that, as suggested to us by P. Martin-Lof 
and T. Streicher, in this way mTT^ef directly enjoys Kleene's realizability interpretation of intuitionistic 
connectives |Tv88| . and hence it turns out to satisfy our proofs-as-programs requirement. We expect 
that this is also the case for the whole mTT by furtherly extending the realizability interpretation to 
support collections. 

Instead, we still do not know whether the mTT version in |MS05| - that includes the ^-rule - satisfies 
our proofs-as-programs requirement, namely whether it is consistent with the formal Church thesis and 
the axiom of choice. This problem can be reduced to asking whether intensional Martin-Lof's type 
theory in }NPS90| . even with no universes, is consistent with the formal Church thesis 

(CT) V/ G Nat Nat 3e £ Nat (Vx G Nat 3y e Nat T{e,x,y) & U{y) =^ f{x) ) 

where T{e, x, y) is the Kleene predicate expressing that y is the computation executed by the program 
numbered e on the input x and U{y) is output of the computation y. This technical problem seems to 
be still open. Luckily, we realized that we do not need to solve such a problem: indeed, we can take 
a version of mTT with explicit substitutions and without the ^-rule, to satisfy our proofs-as-programs 
requirement in a easier way, because the absence of the ^-rule does not affect the properties of the quotient 
model we will build over it. In particular, the quotient model will validate extensionality of functions as 
lambda-terms anyway. This was first noticed in categorical terms in [ CROO( IBCRS98] . 

Extensional level. The extensional level of our two-level foundation is taken to be an extensional 
dependent type theory with quotients, called emTT. This extends that presented in [Mai07| with 
collections and related constructors needed to represent the power collection of a set with e-relation and 
comprehension used in everyday mathematical practice. The set-theoretic part of emTT includes the 
fragment without universes of extensional Martin-Lof's type theory in |Mar84| . 

Quotient model. We will interpret our extensional theory emTT in a quotient model built over 
mTT. This model is based on the well-known notion of total setoid a la Bishop [Bis67| and the inter- 
pretation shows that the design of emTT over mTT satisfies Sambin's forget-restore principle in [SV98| . 
Indeed, the interpretation represents the process of restoring all the irrelevant computational informa- 
tion missing at the extensional level. Moreover, it turns judgements of emTT, which are undecidable as 
those of extensional Martin-Lof's type theory in [Mar84j . into judgements of mTT that are all decid- 
able. This forget-restore process is very evident when looking at the design of emTT-propositions and 
their interpretation into mTT. In fact, whilst in cmTT, as in mTT, all propositions are identified with 
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collections of their proofs, in emTT, despite of mTT, they are inhabited by at most only one proof in 
order to express the fact that emTT -propositional proofs are indeed irrelevant. This allows to introduce 
a canonical proof-term true to express that (f> is valid in emTT if and only if we can derive true € in 
emTT. It is only when we interpret in mTT a derived judgement of the form true G ((> that we need to 
restore a specific proof-term containing all the forgotten computational information about its derivation. 

Benefits of adopting a tv^ro level tiieory. We hope that making explicit an extensional level over 
an intensional type theory, as we do here with emTT over mTT, will be useful to formalize mathematics 
in intensional type theory. Indeed, in the current practice of formalizing mathematics in intensional type 
theory, one ends up to work with setoid constructions, and hence to work within a quotient model. Here 
we extract a theory valid in one of such setoid models. Therefore, one is then dispensed to work directly 
in the model with all the heavy type-theoretic details regarding setoids and families of setoids. He can 
develop and formalize his theorems in a simpler extensional theory like our emTT. The interpretation 
of the extensional level into the intensional one, given once and for all, guarantees that a formalization 
of theorems at the extensional level is then inherited at the intensional one. 

Open issues. Our extensional level eniTT does not include all the type-theoretic constructors that 
our quotient model can support. For example, our quotient model over mTT supports effective quotients 
on generic collections and not only effective quotients over sets as in emTT. Moreover, in our quotient 
model every object, which is a quotient of an intensional set over an arbitrary equivalence relation, is 
covered by a quotient copy of an intensional set, namely by a quotient of an intensional set over the 
identity relation. In the case we build our two-level foundation by taking Martin-Lof 's type theory as our 
intensional level, the above observation has a very important consequence: the axiom of choice, which 
is not valid over generic quotients, turns out to be valid over copies of intensional sets in the quotient 
model. This implies that we can consistently add an axiom expressing that "every extensional set is 
covered by a set satisfying the axiom of choice" to the extensional theory abstracted over Martin-Lof 's 
type theory. This axiom was first noticed by P.Aczel and expressed as the Presentation axiom in his 
CZF theory (see | AR) ) . We leave to future research how to formalize such an axiom in an extensional 
type theory abstracted over Martin-Lof 's one, and more generally how to formalize the precise internal 
language of our quotient models over mTT and extensions, namely the theory that fully captures all the 
type theoretic constructors that can be modelled via quotients on them. 

Minimality. The presence of two levels in our foundation facilitates its comparison with other 
foundations, given that we can choose the most appropriate level at which to make the comparison. To 
establish the minimality of our foundation we will compare intensional theories, such as Martin-Lof 's 
one or the Calculus of Inductive Constructions, with its intensional level, while extensional theories, 
such as the internal calculus of a generic topos (as devised, for example, in IM ai05| ) or Aczel-Myhill's 
CZF theory, with its extensional level. Also logic enriched type theory in GA06] can be compared with 
our mTT. Indeed it appears as a fragment of our mTT except that, being just a many-sorted logic 
on Martin-Lof's type theory, its propositions are not inhabited with proofs and they are not seen as 
collections (or sets) of their proofs as in our mTT. In mTT we use such a property to represent useful 
constructions on subsets. 

Two-level theories, where one level is related to the other via a quotient completion, already appeared 
in the literature. One of this is Hyland's effective topos |Hyl82| . There the underlying theory is given 
by a tripos [HJP80| , namely a realizability model of many-sorted intuitionistic logic indexed on classical 
set theory. Then the topos is obtained by freely adding quotients to a regular category associated to 
the tripos [Car95j . However, the effective topos can be seen as obtained by a quotient completion on 
a lex category, too |Car95| . This latter completion is closer to our quotient completion. The precise 
correspondence between our quotient completion and the ones existing in the literature of category 
theory is left to future work with the study of a general notion of quotient completion. 

Summary. The main contributions of this paper are the following: 

- We introduce a two-level foundation for constructive mathematics where both levels are given by 
type theories a la Martin-Lof: one called mTT is intensional and the other called emTT is exten- 
sional. They both essentially extend with collections previously introduced theories respectively 
in MSI)") and in [Mai07| . The foundation is minimal among the most relevant known constructive 
foundations in type theory, or in set theory, or in category theory, to be compared with ours at 
the appropriate level. 
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- The extensional level emTT is interpreted in a quotient model a la Bishop built over the intensional 
one mTT by means of canonical isomorphisms. This is because equality of emTT types gets 
interpreted into an isomorphism of intensional types. As a consequence, emTT can be viewed as 
a language to reason within our quotient model over mTT. As an application, we get that the 
emTT-formulation of the axiom of choice turns out to be interpreted in mTT as exactly Martin- 
Lof's extensional axiom of choice in |ML061 [Car04j . and hence it is not valid. Even the axiom of 
unique choice is expected not to be valid in emTT as advocated in [MS05| . 

- We adopt an intensional version of mTT without the ^-rule for lambda-terms, after noticing from 
[CROOl IBCRS98] that its presence is irrelevant to interpret the extensional level via quotients. As 
said in [Mar75| , the absence of the ^-rule opens the way to interpret mTT via Kleene's realizability 
interpretation |Tv88] . and hence to show that it satisfies our proofs-as-programs requirement of 
consistency with CT+AC, as required to the intensional level according to our notion of construc- 
tive two-level foundation. This lets us to avoid the problem of proving consistency with CT+AC 
for intensional theories with the ^-rule as in |MS05|, lNPS90| . which is still open. 

2 The intensional level mTT 

Here we briefly describe the intensional level of our two-level constructive foundation. It consists of 
an intensional type theory in the style of Martin-L6f 's one in [NPS90j . which essentially extends that 
presented in [MS05| with the notion of "collection" . Indeed, the version in |MS05j called Minimal Type 
theory (for short mTT) essentially corresponds to the set-theoretic part of that presented here, which 
we still call mTT. We says "essentially" since the set-theoretic part of mTT, called here mTT^et, has 
different rules about equality from that in |MS05| . 

We thought of modifying the original calculus in [MS05j for the following reasons. First, we wanted to 
extend the calculus in |,MS05J with collections and the necessary constructors to support power collections 
of sets via quotients. This opens the way to formalize various mathematical theorems where power 
collections are used, like, for example, those about formal topology |Sam03[ [Sam09b| . As a consequence 
we had to equip the modified calculus with propositions closed under usual intuitionistic connectives 
and quantification over generic collections. We then called small propositions those closed only under 
quantification over sets beside usual intuitionistic connectives. Lastly, we modified the equality rules in 
order to easily satisfy the proofs-as-programs paradigm, namely the consistency of mTT with the axiom 
of choice and the formal Church thesis. 

More in detail, the typed calculus mTT is written in the style of Martin-L6f 's type theory [NPS90| 
by means of the following four kinds of judgements: 

A type [r] A = B type [T] aeA[V] a = h£A [V] 

that is the type judgement (expressing that something is a specific type), the type equality judgement 
(expressing when two types are equal), the term judgement (expressing that something is a term of a 
certain type) and the term equality judgement (expressing the definitional equality between terms of 
the same type), respectively, all under a context T. The contexts T of these judgements are formed as 
in [NPS90| and they are telescopic |dB91j since types are dependent, namely they are allowed to depend 
on variables ranging over other types. The precise rules of mTT are given in the appendix [SI 

Types include collections, sets, propositions and small propositions and hence the word type is only 
used as a meta-variable, namely 

type G {col, set, prop, props } 
Therefore, in mTT types are actually formed by using the following judgements: 

A set [r] A col [r] A prop [F] A props [V] 

As in |MS05| . the general idea is to define a many-sorted logic, but now sorts include both sets and 
collections. The main difference between sets and collections is that sets are those collections that are 
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inductively generated, namely those whose most external constructor is equipped with introduction and 
elimination rules, and all of their collection components are so. According to this view we will allow 
elimination rules of sets to act also toward collections. 

Our sets will be closed under the empty set, the singleton set, strong indexed sums, dependent 
products, disjoint sums, lists. These constructors are formulated as in Martin-Lof's type theory with 
the modification that their elimination rules vary on all types. In order to view sets as collections, we 
add the rule set-into-col 

A set 
A col 

The logic of the theory is described by means of propositions and small propositions. Small propositions 
are those propositions closed only under intuitionistic connectives and quantification over sets. To express 
that a small proposition is also a proposition we add the subtyping rule propg-into-prop 

A props 
A prop 

As explained in |MS05| . since we restrict our consideration only to mathematical propositions, it makes 
sense to identify a proposition with the collection of its proofs. To this purpose we add the rule prop- 
into-col 

A prop 
A col 

However, proofs of small propositions are inductively generated. Hence, small propositions, as proposi- 
tions in [MS05j . are though of as sets of their proofs by means of the rule props-into-set 

A props 
A set 

The rules props-into-set and prop-into-col allow us to form the strong indexed sum of a small 
propositional function (f>{x) prop [x £ A], or simply of a prepositional function, 

both on sets and on collections. Given that we will define a subset as the equivalence class of a small 
propositional function, then the props-into-set rule is relevant to turn a small propositional function on 
a set into a set, and hence to represent functions between subsets as in jSV98j and to represent families 
indexed on a subset as advocated in |Sam09aj . The same can be said about subcoUections. Moreover, 
the identification of a proposition with the collection (or set) of its proofs allows also to derive all the 
induction principles for propositions depending on a set, because set elimination rules can act toward 
all collections including propositions. 

In order to interpret the power collection of a set as a quotient of propositional functions, to mTT 
we add the collection of small propositions props and the collection of functions from a set toward props. 
Since such function collections toward props are instances of dependent product collections, to easily 
show some meta-theoretic properties about mTT we will consider an extension of mTT, called mTT'^P, 
with generic dependent product collections (see the appendix E] for its rules). Finally, by still keeping the 
minimality of our two-level foundation, we close mTT collections under strong indexed sums in order to 
give a simple categorical interpretation of the extensional level in the model we will build over mTT. 

It is worth noting that the subtyping relation of propositions into collections and that of small 
propositions into sets, via the rules prop-into-col and props-into-set respectively, are very different 
from the subtyping relation of sets into collections via the set-into-col rule, or that of small propositions 
into propositions via the props-into-prop rule. Indeed, the subtyping rules prop-into-col and prop^- 
into-set do not affect the elimination rules of propositions and small propositions: they express a merely 
inclusion. Instead the subtyping rules set-into-col and props-into-prop take part in the definition 
of sets and in that of small propositions, because elimination rules of sets and of small propositions act 
respectively toward all collections and toward all propositions. 

There are important motivations, already explained in [MS05', behind the fact that elimination rules 
of propositions act only toward all propositions and not toward all collections, as well as those of small 
propositions do not act toward all sets. 
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First, as said in [MSOSj . propositions have their own distinct origin, and only a posteriori they are 
recognized as collections of their proofs. Then, a more technical reason is that we want to prevent the 
validity of the axiom of choice. Indeed, as described in [MSOSj . the axiom of choice turns out to be valid 
if we allow an elimination on all collections or on all sets, because the existential quantification would be 
then equivalent to the corresponding strong indexed sum on the same constituents ^Luo94| . The reason 
to reject the general validity of the axiom of choice in mTT is to get a minimalist foundation compatible 
with the existing ones, including the internal theory of a generic topos where the axiom of choice is not 
always valid. All this attention to avoiding the validity of the axiom of choice was paid in .MSOSj because 
there we were trying to get our minimal foundation by modifying Martin-L6f 's intensional type theory in 
[NPS90' (here called MLTT). MLTT is not minimal just because it validates the axiom of choice, given 
that it follows the isomorphism "propositions as sets" and hence it identifies the existential quantifier 
with the strong indexed sum. To discharge such an isomorphism, and hence the validity of the axiom 
of choice, it is sufficient to introduce a primitive notion of propositions with the mentioned restrictions 
on their elimination rules. As result of this process our mTT version with collections, as well as that 
in [MSOSj . can be naturally embedded in Martin-Lof's intensional type theory [NPSQOj . if we interpret 
sets as sets in a fixed universe, for example in the first universe Uq in ^NPS90', and collections as generic 
sets. Then, propositions are interpreted as sets, always by following the isomorphism "propositions as 
sets", and, after identifying small propositions with sets in [/q, the collection of small proposition will 
be of course interpreted as Uo itself. 

In [MSOSj we chose to work with MLTT in order to get a minimalist proofs-as-programs foundation 
for its intensionality. Indeed, extensional theories, such the internal calculus of a topos or Aczel-Myhill's 
CZF, can not satisfy our "proofs-as-programs" requirement (see [MSOSj ). Actually, in [MSOSj we designed 
a version of mTT of which we still do not know whether it satisfies our proofs-as-programs requirement, 
namely whether it is consistent with the axiom of choice and the formal Church thesis. This problem 
can be reduced to asking whether intensional Martin-Lof's type theory in [NPSQOj is consistent with 
the formal Church thesis. Here, we do not solve such problems but we adopt a version of mTT that 
hopefully satisfies our requirement by means of Kleene's realizability interpretation [Tv88j . 

We got to this version after a suggestion by T. Streicher and P. Martin-L6f already reported in 
[Mar75j . There it is said that the first order version of Martin-Lof's type theory with explicit substitution 
rule for terms 

C{X\, . . . ,Xn) e C{X1, . . . ,Xn) [xx £ Al, . . . , Xn £ An{xi, . . . , Xn-l) ] 

ai = 61 G ^1 . . . a„ = 6,1 G A„(ai, . . . ,a„_i) 

sub) -. 7 TT —, r 

c(ai, . . . , a„) = c(6i, ...,&„) G 6 (ai, a„) 

in place of usual term equality rules in |NPS90j including the ^-rule 

^ c^c £C [x£B] 
Xx^ .c = Xx^ .c G IligsC 

is validated by Kleene's realizability interpretation of set-theoretic constructors. Hence this modified 
first order version of MLTT is consistent with the formal Church thesis and, in turn, satisfies our proofs 
as programs requirement, given that the axiom of choice is a theorem there. Instead, the version with the 
original term equalities in [NPS90j is not validated by Kleene's realizability interpretation just because 
of the presence of the ^-rule. Now, given that, as we say above, we can interpret our version of mTT 
in Martin-Lof's type theory with at least one universe, if we perform the same change of equality rules 
for mTT then Kleene's realizability interpretation surely validates the set-theoretic version of mTT and 
hopefully also the whole version!^, by providing a proof of mTT-consistency with the axiom of choice 
and formal Church thesis (the axiom of choice holds because the realizability interpretation interprets 
the existential quantifier as the strong indexed sum). 

Luckily, we can take this modified version of mTT without the ^-rule as the intensional level of our 
desired two-level foundation with no effect on the interpretation of its extensional level. Indeed, the 
above change of term equality rules does not affect the properties of the quotient model we are going 

^The realizability interpretation of the collection of small propositions, as well as of the first universe in Martin-Lof's 
type theory in INPS901 . is a delicate point. We expect to interpret it as the subset of codes of small propositions. 
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to build over mTT and where we will interpret emTT. This was first noticed in categorical terms in 
|(]RnnilBCRS98 fsee remark 1423 1) ■ 

Note that our mTT does not include the boolean universe Ub used in [Mai07j to derive disjointness 
of binary sums. Indeed, in the presence of a collection of small propositions this is derivable anyway 
(see the proof of theorem 14. 20p . 

Our present version of mTT, as that in [MSOSj . can be still though of as a predicative version of the 
Calculus of Constructions in |Coq90| with types and propositions: mTT collections and sets are simply 
interpreted as types, propositions as themselves, and the collection of small propositions as the type of 
all propositions. 

Of course, it makes sense to compare mTT just with intensional type theories as those already 
mentioned. 



3 The extensional level emTT 

Here we briefly describe the extensional level of our desired two-level foundation. This is the level where 
we will actually formalize constructive mathematics. 

As well as the intensional level, it consists of a type theory, called emTT, written now in the style of 
Martin-Lof 's extensional type theory in |Mar84j . 

The main idea behind the design of emTT goes back to that of toolbox in |SV98j . and it follows 
the forget-restore principle conceived by G. Sambin and introduced there. According to this principle, 
extensional concepts must be abstractions of intensional concepts as result of forgetting irrelevant com- 
putational information, that can be restored when implementing these extensional concepts back at the 
intensional level. Here, we think it is enough to require that extensional constructors must be obtained 
by abstracting only over equalities of corresponding constructors in mTT. Hence, it seems sufficient to 
add quotients to mTT to be able to represent our extensional level. This leads us to conclude that the 
extensional level should be considered as a fragment of the internal theory of a model built over mTT 
by just adding quotients. 

In the literature it is well known how to add quotients to a type theory by building setoids (see 
[Hof97[ [I3CP03| ) on it. The extensional theory emTT we propose here can be interpreted in a suitable 
model of total setoids a la Bishop that we will describe in the following. 

We need to warn that emTT is not precisely the internal language of the quotient model we adopt, 
namely it is not fully complete with it, or in other words it does not necessarily capture all the con- 
structions valid in the model, especially at the level of collections. For example, in our quotient model 
collections will be closed under generic quotients not present in emTT. Hence, different extensional 
levels may be considered over mTT, and even over the same quotient model. A criteria to decide what 
to put in emTT at the level of collections is that of preserving minimality, for example with respect to 
Aczel's CZF. 

emTT extends the set-theoretic version introduced in fMai07] , called here emTTset , with collections 
and related constructors needed to represent the power collection of a set with e-relation and compre- 
hension used in everyday mathematical practice. 

It is essentially obtained as follows: we first take the extensional version of mTT, in the same 
way as Martin-Lof 's type theory in |Mar84] is the extensional version of that in |NPS90| . with the 
warning of replacing the collection of small propositions props with its quotient under equiprovability 
7^(1) = props/ then we collapse propositions into mono collections according to the notion in |Mai05j : 
and finally we add effective quotient sets as in [Mai05j. The precise rules of emTT are given in the 
appendix [71 The form of judgements to describe emTT are those of mTT. 

One of the main differences between emTT and mTT amounts to be that between the extensional version 
of Martin-Lof 's type theory in lMar84j and the intensional one in [NPS9^. It consists in the fact that 
while type judgements in the intensional version are decidable, those in the extensional one are no longer 
so jHof97j . Another difference is that in emTT, despite of mTT, propositions are mono as in |Mai05| . 
that is they are inhabited by at most one proof by introducing in emTT the following rule: 

, A prop [F] peA[r] qeA [r] 

prop-mono '-^ \' L_L 

p = qeA [T] 
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Propositions are then mono collections and small propositions are mono sets. This property allows us 
to forget proof-terms of propositions, namely to make proofs of propositions irrelevant, by introducing 
a canonical proof-term called true for them: 

, A prop p £ A 

prop-true ) : 

' true e A 

This canonical proof-term allows to interpret true-judgements in |Mar841 IMar85| directly in emTT as 
follows: 

A true [F; B\ true, . . . , Bm true] = true e A [V , yi £ Bi, . . . ,ym G Bm ] 



Then, we can prove that, according to this interpretation, all true judgements of the logic in |Mar841 
IMar85| are valid in emTT. 

A key feature of extensional type theory in [Mar84j is the presence of extensional Propositional 
Equality, written Eq{A,a,b) to express that a is equal to b. This is stronger than Propositional Equality 
\6{A,a,b) in intensional type theory |NPS90| . and also in mTT (see appendixE]), because the validity of 
Eq{A,a,b) is equivalent to the definitional equality of terms a = b £ A (both under the same context). 
Furthermore, it is also mono. We add Eq{A,a,b) to emTT as a proposition, which is small when A is a 
set (see appendix [T]) . 

Another key difference between emTT and mTT is that in emTT we can form effective quotient sets 
(see |Mai05) ) . Then, in the presence of quotient effectiveness it is crucial to require that propositions 
are mono collections, as well as that small propositions are mono sets. Indeed, if we identify small 
propositions with sets simply, or propositions with collections, quotient effectiveness may lead to classical 
logic (see |Mai99j ) . because it yields to a sort of choice operator, and hence it is no longer a constructive 
rule. 

Moreover, observe that the set theoretic part of our emTT, called emTTjet, is a variation of the 
internal type theory of a list-arithmetic locally cartesian closed pretopos, as devised in [Mai05| . Indeed, 
emTTset is not exactly that because in the internal theory of a generic pretopos small propositions are 
identified with mono sets, while in emTT small propositions are only some primitive mono sets, and 
it does not necessarily follow that that all mono sets are small propositions. In this way we avoid the 
validity of the axiom of unique choice, which would instead be valid under the identification of small 
propositions with mono sets (see |Mai05j ). 

Lastly, in emTT we add the necessary constructors to represent the power collection of a set as the 
"power set" in the internal theory of a topos devised in the style of Martin-Lof's type theory in |Mai05| . 
To this purpose we put in emTT the power collection of the singleton set P(l). This is represented as the 
quotient of the collection of small propositions under equiprovability. Therefore a subset is represented 
as an equivalence class of small propositions. Then, we add collections of functions towards 'P{1) in order 
to represent the power collection of a set A: 

V{A) = A-*V{1) 



Therefore, a subset of A, being an element of V{A), is represented as a function from A to P(l). 
Moreover, we can represent e-relation and comprehension used in everyday mathematical practice as 
follows. Given W G V{A) and a £ A we define 

aeW = Eq(P(l), W{a), [tt] ) 



where tt = ± ^ _L is the truth constant (it may be represented by any tautology), and [tt] its quotient 
class under equiprovability. 

Furthermore, for any derivable B{x) G props [a; G A] we define 

{x£A \ B{x) } G r{A) = Xx'^.lBix)] G P(A) 



Then, thanks to the rules eq-'P) and eS-V) of V{1) and the equality rules expressing extensionality 
of function collections in appendix [71 we can prove that the equality between subsets determined by 
propositional functions is the usual extensional one as in [SV98J: 

{xeA\ B{x) } ^ {xeA \ C{x) } G ViA) holds in emTT iff V^gA B{x) ^ C(a;) holds in emTT. 
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Furthermore, also the comprehension axiom 

as{x e A I B{x) } ^ B{a) 

holds in emTT because ae{x e A \ B{x) } is equal to Eq(P(l), [B{a)] , [tt] ), which is valid if and only if 
B{a) is valid, too, again by the rules eq-P) and eff-P) of T{1) and those of Eq in appendix[71 
Thanks to the rule 77-P) and those about function collection, we can prove that for any subset W e ViA) 
we can derive 

W = {x&A I xeW}e V(A) 

Alternative rules to form the power collection of a set can be deduced from the analysis in |Mai05j on 
how to represent the subobject classifier in the internal type theory of a topos. 

Finally, it is worth noticing that, thanks to proof irrelevance of propositions, we can implementing 
functions between subsets as in |SV98| without running into the problem pointed out in |Car03| . 

The desire of representing power collections of sets together with proof irrelevance of propositions 
is a key motivation to work in a two-level foundation. Indeed, such constructions can not be directly 
represented in mTT because mTT has no quotients. On the other hand it is sufficient to build a quotient 
model over mTT to interpret them, and to interpret the whole emTT. 

In order to better present the proofs about this quotient model over mTT, it is more convenient 
to show them for an extended two-level theory. The extensional level of this extended two-level theory 
is taken to be an extension of emTT, called emTT'^P. emTT'^P is first obtained by extending emTT 
with dependent product collections, given that function collections toward V{1) can be seen as an 
instance of them (see the rules in appendix [7]). Consequently, the intensional level is necessarily taken 
to be mTT''^', namely mTT extended with dependent product collections, in order to support the 
interpretation of corresponding collections in emTT'^^'. Moreover, in emTT'^P we also include effective 
quotients on collections, (that we do not include in emTT!) in the attempt to capture the largest 
extensional theory a la Martin-L6f valid in our quotient model over mTT''^. However emTT'''' does not 
seem to be the internal language of our quotient model over mTT'''' yet, as well as emTT is not at all 
that of our quotient model over mTT. We leave to future work how to determine the fully complete 
theory of our quotient model over mTT'^P, and eventually that over mTT. 

It is worth noting that our quotient models over mTT and over mTT''^ support also the interpretation 
of the collection of small propositions props, if added to emTT and to emTT''*' respectively. Indeed, 
props turns out to be interpreted as T'(l), because equality of emTT propositions is interpreted into 
equiprovability of mTT propositions. We chose of putting in emTT only the quotient collection of small 
propositions under equiprovability P(l), and not the collection of small propositions props, in order to 
make emTT easily interpretable in the internal theory of a topos. Indeed, if we consider the formulation 
Ttop of the internal theory of a topos devised in [MaiOSj in the style of Martin-L6f 's extensional type 
theory, then emTT sets and collections are translated into Ttop types, emTT small propositions and 
propositions into Ttop mono types, that represent Ttop propositions, and V{1) is translated as the Top 
type representing the subobject classifier. 

Note that, as in mTT also in emTT we do not include the boolean universe Ub used in [Mai07| 
to derive disjointness of binary sums. Indeed, in the presence of P(l) sum disjointness is derivable 
anyway H. 

Our emTT is also compatible with the notion of a predicative topos |MP02| , being its set-theoretic 
part a fragment of the internal theory of a locally cartesian closed pretopos. In particular, if we perform 
over Martin-Lof's type theory with universes the quotient model we will build over mTT to interpret 
emTT, then we will get a predicative topos (see jMPOO) IMP02| ). Given that our intensional level 
mTT can be interpreted in Martin-Lof's type theory with universes, this yields that emTT can be also 
interpreted in the predicative topos over it. 

Finally, emTT is certainly compatible with Aczel's CZF [AR| by interpreting sets a CZF sets, col- 
lections as classes, propositions as subclasses of the singleton and small propositions as subsets of the 

^The proof of disjointness in emTT is similar to that for mTT mentioned in the proof of theorem 14.201 
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singleton (in order to make the rules prop-into-col and props-into-set valid). In particular, the power 
collection ViA) of a set A is interpreted as the corresponding power collection of subsets. 

4 The quotient model 

In the sequel we are going to define a model of quotients over mTT. This is based on the well-known 
notion of setoid [Bis67l lHof97j . namely a set with an equivalence relation over it, that we apply to any 
type we consider. We will then interpret emTT in such a model. 

The model will be presented in a categorical shape. The reason is that we know the categorical 
semantics of emTT and, if the quotient model turns out to be an instance of it, then we can interpret 
emTT into the model, and hence into mTT. This model represents also a way to freely add quotients to 
niTT in a suitable sense. The precise categorical formulation of its universal property is left to future 
work. 

We first start with defining the category of "extensional collections" namely collections equipped with 
an equivalence relation. In the case the collection is a set, this notion is known as "total setoid" in the 
literature psBTl IHofflTL IBCiPOSj . 

Def. 4.1 The category Q(mTT) is defined as follows: 

ObQ(mTT): objects are pairs (A,=a) where A is a collection in mTT, called "support", and 

X —A y prop [x £ A,y £ A\ 

is an equivalence relation on the collection A. This means that in mTT there exist proof-terms witnessing 
refiexivity, symmetry and transitivity of the relation: 

rfl(a;) £x ^ax [x £ A] 

sym(x, y,u) £ y =a x [x e A, y e A, u e x =a y] 

tra{x, y, z, u,v) £ x =a z [x £ A, y £ A, z £ A, u £ x =a y, v £ y =a z] 
We call {A,=a) extensional collection. 

MorQ(mTT): morphisms from an object {A,=a) to {B,=b) are mTT terms f{x) £ B [x E A] preserving 
the corresponding equality, i.e. in mTT there exists a proof-term 

Phix, y,z) e fix) =B fiy) [x e A, y e A, z ex=Ay] 

Moreover, two morphisms f,g : {A,— a) — > {B,=b) are equal if and only if in mTT there exists a proof- 
term 

pr2{x) € f{x) =B g{x) [x e A] 

The category Q(mTT) comes naturally equipped with an indexed category (or split fibration) satisfy- 
ing comprehension (see |Jac99j for its definition) thanks to the closure of mTT collections under strong 
indexed sums: 

Def. 4.2 The indexed category: 

; Q(mTT)°'' ^ Cat 

is defined as follows. For each object {A,=a) in Q(mTT) then 'Pq{{A,=A)) is the following category: 
ObPq{ [A, =a) ) are the propositions P{x) prop [x € A] depending on A and preserving the equality on A, 
namely for such propositions there exists a proof-term: 

ps(a:, y, d) £ P{x) P{y) [x e A, y e A, d € x =a y]E 



^ Indeed, from this, by using the symmetry of x =a V it follows that P{x) is equivalent to P{y) if x =a V holds. 
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Morphisms in Mor7'g( {A, —a) ) are given by a partial order, namely 
r,{ (A, =a) )( P{x) , Q{x) ) = P{x) < Q{x) 

iff there exists a proof-term pt(a::) £ P{x) — * Q{x) [x G A] 

Moreover, for every morphism / ; {A,=a) ~* {B,=b) in Q(mTT) given by f{x) € B [x e A] then 'Pq{f) is 
the substitution functor, i.e. Vq{f)( P{y)) = P{f{x)) for any proposition P{y) prop [y e B] (recall that 
Vq is contravariant). 

Lemma 4.3 Vq is an indexed category satisfying comprehension. 

Proof. To describe the comprehension adjunction, we consider the Grothendieck completion Gr{Vq) of 
Vq (see |Jac99 l for its definition) and the functor T : Q(mTT) Gr{Vq) defined as follows: 

T( {A, ^a)) = { {A, =a) , tt ) T{f) = if, id,,) 

where tt is the truth constant. 
T has a right adjoint 

Cm : Gr{Vq) Q(mTT) 
defined as follows on objects: Cm( ( (A, =a) , P ) ) = {T,x<^aP{x) , ^cm ) where 

Zl =Cm Z2 = 7ri(2l) =A 'r^l{z2) 

for zi, 22 G Ei,gA-P(2;); and on morphisms: Cto( (/,<) ) = / where /(z) = { f{ni{z)) , Ap{pt{ni{z)) , n2{z))) 
for z G E^eAP{x) and / : {A,=a) -> (B,=fl). 

Def. 4.4 (Pq-proposition) Given a proposition P G Oh'Pq{(A,=A)) then the first component of the 
comprehension adjunction counit on ( {A,=a) , P) 

(?7i,r?2) : ((E,6AP(a;), =cm), tt) -,{(A,=a),P) 

that is the first projection 7]i = vrf : {T,xsAPix) , =cm ) {A, =a), is a monic morphism in Q(mTT) and 
it is called a Vq-proposition. 

Def. 4.5 (Pq-small proposition) A P^-proposition rn = ■k[ : (Ei,gA-P(a;) , =cm ) {A,=a) is called a 
Vq-small proposition if the proposition P G 'Pq{ {A, =a) ) is small. 

In order to make clear how the set-theoretic part of Q(mTT) can interpret the set-theoretic fragment 
emTTset of emTT, we single out the category of extensional sets from that of extensional collections. 

Def. 4.6 The category Q(mTT)set is defined as the full subcategory of Q(mTT) equipped with exten- 
sional sets {A, =a) where the support is a set and the equivalence relation is small, namely A set and 
X =A y props [x £ A,y £ A] are derivable in mTT. 

Def. 4.7 We define the functor Vq^^t : Q(mTT)°J Cat as the restriction of Vq on Q(mTT)set to small 
propositions, namely for every extensional set (^4, —a) we have that Vq^^^i {A, —a) ) is the full subcategory 
of Vq{ {A, =a) ) containing only small propositions. 

Then, in an analogous way to lemma [¥31 we can prove: 

Lemma 4.8 Vq^^^ is an indexed category satisfying comprehension. 
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Analogously to definition 14.41 we can define a Vq -proposition, which is indeed also small. 

In order to prove that the category Q(mTT) has all the necessary structure to interpret emTT, in 
particular that it is closed under certain dependent products, it will be useful to know that Q(mTT)- 
morphisms correspond to extensional dependent collections defined in an analogous way to dependent 
sets in |Bis67( IPalOSj as follows: 

Def. 4.9 (extensional dependent collection) Given an object (A, =a) of Q(mTT), abbreviated with 
A^, we define an extensional dependent collection on {A,=a) written 

B^{x) [x e A^] 

as a dependent collection B{x) col [x G A], called "dependent support", together with an equivalence 
relation 

y =B(^) y' prop [x£ A,y £ B{x), y' G B{x)]. 

Moreover, for any xi,X2 A there must exist a substitution morphism 

"%l{d,y) G B{x2) [xi e A, X2 € A, d e xi =a X2, y G -8(2:1)] 

preserving the equality on B{xi), namely there exists a proof of 

<^%l{d,y) ^B{x2) <^%l{d,y') prop [xi e A, X2 e A, d e xi =a x2, 

y G B{xi), y' G B{xi), w ey =b(xi) y'\- 

and non depending on d G a;i =a X2 in the sense that we can derive a proof of 

a%l{dx,y) =B(x2) ^xi{d2,y) prop [xi e A, X2 € A, di G xi =a X2, d2 G xi =a X2, y G B{xi)] 

Furthermore, cr!^(rfl(x), — ) is the identity, namely there exists a proof of 

cr^(rfl(s),y) =s(^) y prop [x € A, y £ B{x)] 

and the a^^ 's are closed under composition, namely there exists a proof of 

o'xUd'i , ^%l{di,y) ) =B{X3) a^l{tra{xi,X2,X3,di,d2) , y) prop 

[x-i e A, X2 € A, X3 £ A, y e B{xi), di G xi =a X2, ^2 G X2 =a x^]. 

Note that the non dependency on the proofs of the extensional collection equality —a allows to use the 
following abbreviations: 

f^xi (y) = oil {d, y) 

for xi £ A, X2 £ A, d £ xi =a X2, y G B{xi). 

Categorically speaking, we can see that an extensional dependent collection is given by a functor 
from a suitable groupoid category to Q(mTT). Indeed, for any extensional type (^1,=^) we can define 
the category Q{ {A, =a) ) as follows: its objects are the elements of A (with their definitional equality as 
equality) and for ai,a2 € A then ai < 02 holds if and only if we can derive p G ai —a 0-2 in mTT. Then, 
any extensional dependent collection on {A,— a) is given by a functor 

CTB ■■ G{ {A, =a) ) Q(mTT) such that asix) = B={x) asixi < X2) = (TxI 

where criJIJ stands for the extensional morphism given by 

<^ll{y) G B{x2) [x\ e A, X2 e A, d € xi =A X2, y G B{xi)] 

Note that Q{A, ^a) is a groupoid category and hence its image along as also gives a groupoid category. 
In particular we get that every a^'^ actually gives rise to an isomorphism between {B{xi) , —b(xi) ) and 
{B{x2) , =B{X2) ) for given xx,x2 G A. 
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Analogously, we can give the definition of extensional dependent set: 

Def. 4.10 An extensional dependent collection B={x) [x G A^] is an extensional dependent set if its 
support is a dependent set and its equivalence relation is small, namely we can derive 

B{x) set [x € A] y ^b(x) V props [x £ A, y e B{x), y G B(x)\ 

Analogously, we can give the definition of extensional dependent proposition and of extensional dependent 
small proposition, where the latter must be also an extensional dependent set. In the following we will 
often speak of extensional dependent type to include any of them. 

Def. 4.11 Let us call DepQ^-^r^r^'^{ {A,=a) ) the category whose objects are extensional dependent col- 
lections B={x) [x £ A=] on the extensional collection {A,=a), and whose morphisms are extensional 
terms 

b{x,y) G B^{x) [x eA=,y€ C={x)] 

that are dependent terms b{x, y) G B{x) [x £ A, y £ C{x) ] preserving the equality on A and that on C{x), 
namely in mTT there exists a proof of 

a^^{b{xi,yi) ) ^B(x2) b{x2,y2) prop [xi £ A, X2 & A, w £ Xi =a X2, 

yi G C={xi), 3/2 G C^{X2), z G ^C(x2) Vi] 

Now, we ready to prove that Q(mTT)-morphisms correspond to extensional dependent collections. 
Categorically, this can be expressed by saying that the slice category of Q(mTT) over an extensional col- 
lection {A, =a) (see |Jac99] for the definition of slice category) is equivalent to the category of extensional 
dependent collections on {A,=a)- 

Proposition 4.12 The category Q(mTT)/(^, =a) is equivalent to ^ePq^mTT) ( )■ 

Proof. Given a Q(mTT)-morphisni / : (C, =c) — > (A, =a) then the support of the extensional dependent 
collection associated to it is 

^yec fiy) =A X col [x G A] 

with equality 

2 =E/ «' = 7ri(«) =C 

for X € A and z, z' G S^gc f{y) ~a x. Then, we define 

f^lliz) = (7ri(z),tra(7r2(2:),d)) 

for d£x\=AX2. Clearly (J%\{z) =2/ z and also the transitivity property holds. 

Conversely, given an extensional dependent type B={x) [x G A=] we consider the extensional type 
{T,x^aB{x), =e) where 

Z =S z' = 3d e TVliz) =A -n-liz') (T^^^[^j' (712(2)) =B(ni{z')) '^2{z') 

for z,z' G YixeAB{x) and to it we associate the Q(mTT)-morphism given by it^(z) = 7ri(2) for z G 
E,6AB(a;) 

TT^ : (E.gAB(a;),=E) ^ (A=a). 

called comprehension oj the extensional dependent collection B={x) [x G j4=]. 

Def. 4.13 We call dset-morphism a Q(mTT)-morphism 

TT^ : (E,gAB(a;),=E) ^ (A=a). 

that is the comprehension of an extensional dependent set B={x) [x G A=], namely an extensional 
dependent collection whose support is a dependent set and whose equivalence relation is small. 
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In an analogous way, we can define the category of extensional collections Q(mTT'''') on mTT'*'', and we 
can prove the same properties shown so far for Q(mTT). 

Then, in order to describe the categorical structure of Q(mTT), as well as that of Q(mTT''P), it is also 
useful to know that these models are closed under finite products and equalizers (for their definition see, 
for example, |Mac71j ). namely that they are lex categories: 

Lemma 4.14 The category Q(mTT), as well as Q(mTT''*'), is lex (i.e. with terminal object, binary 
products, equalizers). 

Proof. In the following we indicate with c : {D,=d) (C, =c) an arrow given by c(x) £ C [x e D] in 
Q(mTT) . 

The terminal ohject is ( Ni, ld(Ni,a;,y) ). Then, for any object {A,— a), the unique arrow to the terminal 
object is * e Ni [x g 4]. The uniqueness can be proved thanks to the fact that for any d e Ni we can 
prove that ld(Ni,ci, *) holds by elimination rule on Ni. 
The binary product of {A, =a) an (B, —b) is (A x B,=x) where 

Z =x z' = T^l(z) =A T^liz') A TT2{z) =S TT2{z') 

The projections are tti(z) e A [z e A x B] and 712(2) e B [z e A x B]. The pairing of two arrows 
a : (C,=c) {A,=a) and &: (C,=c) ~* {B,^b) is {a{z),biz)) € A x B [z e C]. 
An equalizer oi 61,62 : {A,=a) {B,^b) is (Ey6A6i(j/) =b 62(1/), =eq) where 

z =eq z = 7ri(z) =A 7ri(z') 

for z,z' e T,y<zAbi{y) =b 62 (i/)- The embedding morphism is 7ri(z) G A G T,y^Ab\(y) =b 62(2/)]. 
Moreover, for any arrow c : {D, =d) ~* {A, =a) equalizing 61, 62 and hence yielding to a proof 

p{z) G 6i(c(z)) =b 62(c(z)) [z G D] 
the unique arrow toward the equalizer is {c{z),p{z)) G Eyg^ 61 (y) —b 62(1/) [z G D]. 

Note that here we have used the existence of proof-terms witnessing the equality between morphisms in 
Q(mTT). 

Now, after knowing how binary products are defined in Q(mTT), we give the definition of categorical 
equivalence relation induced by an equivalence relation of mTT (also small): 

Def. 4.15 ("Pq-equivalence relation) Given an equivalence relation R eVqi {A, =a)x (A, =a) ), namely 
a proposition R{x, y) prop [x £ A,y £ A\ that preserves =a on both dependencies and is also an equivalence 
relation, we call V q-equivalence relation the corresponding Pg-proposition, namely 

r)l = 7rf : (S^gAxA R{iIiZ,T\2Z) , =Cm ) {A X A,=x) 

Analogously, we can define a Vq-small equivalence relation and a Vq ^^^-equivalence relation, which is 
indeed also small. 

In order to describe the categorical structure of Q(mTT), as well as that of Q(mTT''^), it will be useful to 
know that puUbacks preserve dset-morphisms and 7^g-propositions, which in turn follows from the fact 
that a puUback along the comprehension of an extensional dependent collection is isomorphic to one of 
this form. 

Lemma 4.16 In Q(mTT), as well as in Q(mTT''''), the pullback of the comprehension of an extensional 
dependent collection B{x)= [x G A=] 

7V? : {E^eAB{x),=^)^{A,=A) 

along a generic morphism S : {D,—d) ^ {A,— a) is isomorphic to the comprehension of an extensional 
dependent collection B'{x)= [x G -D=] where B'{x) [x £ D\ = B{5{x)) [x G ^4] 

7rf : (S:rgo B( (5(3;) ), =3/(3;) ) ^ (D, =d). 
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whose equality is w =b'(x) w' = w —b{S{x)) w' for x £ D,w,w' £ B'{x) and its substitution morphism is 
defined by using that of B{x) as follows: for xi £ D,X2 € D, w € xi =n X2,y G B'{xi) 

From this we deduce the following corollary: 

Corollary 4.17 In Q(mTT), as well as in Q(mTT'*^), the pullback of a dset-morphism 

7rf : ( Ea;gA B{x) , =Cm) {A, =a) 

along a morphism S : {D,=d) — > {A,=a) is isomorphic to a dset-morphism. Analogously, the pullback 
of a Vq-proposition is isomorphic to a Vq-proposition, and that of a Vq- equivalence relation to a Vq- 
equivalence relation. The same holds with respect to Vq-small propositions and Vq-small equivalence 
relations, as well as with respect to V q ^^^-propositions and Vq^^^- equivalence relations in Q(mTT)set. 

Proof. This follows immediately from lemma 14.161 after noticing that B' [x) [x e D] is of the same 
kind of type as B{x) [x e A], and it is an equivalence relation if B{x) is so. In particular, to apply 
lemma 14.161 properly on Pg-propositions, note that any P e ObVq{{A,—A)) induces an extensional 
dependent proposition P{x)= [x G A=] whose support is P{x) prop [x £ A], whose equality is the trivial 
one: w ~p(x) w' = tt, and whose substitution morphisms are defined as o-^^{y) = Ap( ps(a::i, a::2, d) ,y) for 
xi,x2 G A and d € xi =a x2, y € P{xi). 

Now, we are going to recall the categorical notion of dependent product and its stability under pullback 
(see |See84llJoh02al l To this purpose we fix the notation about pullback: in a lex category C we indicate 
the projections of a pullback oi b : B ^ A along d : _D ^ ^ as follows 

DxaB B 

d'-ib) b 

D 5^ A 

d 

Furthermore, for any morphism m : b' ^ b in C/A we indicate with d*{m) : d*{b') — + d*{b) the unique 
morphism in C/D such that d*{b) ■ d*{m) = and b*{d) ■ d*{m) = m ■ (b')*(d) hold. 

Then, we are ready to recall the definition of stable dependent product: 

Def. 4.18 Given a lex category C, we say that C is closed under the dependent product of a morphism 
c : C B over a morphism b : B ^ A, if there exists a C-morphism Iltc : IlsC — > A with a C/B-morphism 
Ap : 6*(n6c) c such that, for every C-morphism d : D ~+ A and any C/B-morphism m : b*{d) c, there 
exists a unique C/yl-morphism rh : d ~* TlbC in C/A such that Ap ■ b*{m) = m in C/B. 

Moreover, a dependent product of a morphism c: C ^ B over a morphism b : B ^ A is stable under 
pullback if for every morphism q : Q A then g*(nf,c) : Q xa flsC Q together with {b*{q))*{Ap) is a 
dependent product of (&*(g))*(c) : {Q xa B) xb C Q xa B over g*(fo) : Q xa B ^ Q. 

Then, we recall the definition of exponential in a slice category and its stability under pullback: 

Def. 4.19 Given a lex category C, for any object A in C we say that C/A is closed under the exponential 
of c : C ^ A to b : B ^ A , also called the function space from b : B A to c : C A, ii C is closed 
under the dependent product oi b* {c) : C xa B ^ B over b : B A. 

Moreover, the exponential of c : C ~* A to b : B ^ A is stable under pullback, if the corresponding 
dependent product is stable under pullback. 

Now, we are ready to describe the categorical structure of Q(mTT) and Q(mTT'''') sufficient to interpret 
emTT and emTT'^P respectively (for the involved categorical definitions not presented here see loc. cit. 
in IMaiOSQ : 

Theorem 4.20 The following hold: 
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- The category Q(mTT) is lex with parameterized lists of extensional sets, with stable finite disjoint 
sums of extensional sets and with stable effective quotients with respect to Vq- equivalence relations. 

Furthermore, Q(mTT) is also closed under stable dependent products of any dset-morphism over 
another dset-morphism. 

Moreover, in Q(mTT) there is an object (props,^), where ^ {p,l) = (p — * <?) A (g — > p) for 
P,q G props, classifying Vq-small propositions, namely for every object {A,=a) there is a bijection 

Q(mTT)( (yl, =a) , ( props, ^ ) ) ^ S^fep,-small( =a) ) 

between morphisms from {A,=a) to it and the collection of subobjects represented by Vq-small 
propositions on {A,=a). 

And, in Q(mTT) there exist local stable exponentials o/ ( props, <-> ) to dset-morphisms, namely, 
for any extensional collection {A,=a), the slice category o/Q(mTT) over {A,=a) is closed under 
exponentials of ni -. {A,=a) x (props,^) {A,=a) to any dset-morphism, and these exponentials 
are stable under pullback. 

Lastly, the indexed category Vq validates first- order intuitionistic logic with equality, namely it is 
an intuitionistic hyperdoctrine in the sense of 'SeeSSi (see also lLaw70\ \Law69 , PitOOj). 

- The category Q(mTT'*f) enjoys the same properties as Q(mTT), but in addition is also locally 
cartesian closed (i.e. with dependent products). 

Proof. Thanks to lcmma H.14l we already know that Q(mTT) and Q(mTT''*') are lex, and we proceed 
to prove all the other properties. 

The list object on an extensional set {C,—c) is {List{C),=Liat(C)) with 

z =Ltst{C) z = 3ieLiat{R) \A{List{C) , ttT{1) , z) A ld( List(C), 7f^(0, 2') 

for z,z' e ListiC) where R = Sj^gcSygca; =c y and tu = List^Ki) is the lifting on lists of the i- 
th projection for i ~ 1,2. The empty list arrow is e e List{C) [w £ D\ and the list constructor is 
cons(2,y) e List{C) [z G List(C),y £ C]. Given the Q(mTT)-niorphisms a : (D,=d) {M,=m) and 
I : (M,=m) X {C,=c) -* (M, =m), the recursor map is Elust{u, a{w) , {x,y, z).l{{z,y})) € M [w e D,u e 
List{C)]. The uniqueness of the recursor map follows by elimination rule on lists. 

The initial object is ( No, ld(No, x, y) ) and, for any object {A, —a), the unique arrow from the initial object 
to it is empo(2:) & A[x £Hq]. The uniqueness of such an arrow follows by the elimination rule on Nq. 
The binary coproduct of extensional sets (B, —3) and (C, =c) is (B + C, =b+c) 
where 

r 6=s6' if 2 = inl(&) and z' = inl(6') for b,b' e B 

z —B+c z = I c —c c' if 2: = inr(c) and 2' = inr(c') for c,c' £C 

y 1. otherwise 

for 2,2' G B + C. The injections are m\{z) e B + C [z e B] and \nr(z) e B + C [z £ C]. Given 
the morphisms b : {B,—b) ^ {D,—d) and c : {C,—c) {D,=d), then the coproduct morphism is 
El{z, (y2).c(y2)) e D [z e B + C]. Uniqueness of the coproduct morphism follows by ehmina- 

tion rule on the binary sum B + C. Sums are disjoint thanks to the disjointness of sums in mTT (this 
can be proved easily thanks to the fact that we can eliminate on disjoint sums toward props by using 
El+{z, {x).±, (j/).tt) e props [z e A + B]). Stability of coproducts under puUbacks follows by elimination 
on binary sums and from the fact that in mTT we can prove injectivity of sum injections H and sum 
disjointness. 

*More formally, thanks to disjointness of sums in mTT we can define 

z=B+cz'= ( 3^eB3^'es ld(B + C, 2,inl(x)) A ld(B + C,z',inl(x')) A x =b x' ) 

V ( 3y^c ^y'ec ld(B + C, z, inr(y)) A \d{B + C, z' , inr(y')) A y =c v' ) 

''For example, injectivity of inl can be proved as follows. Consider the term p{u, z) £ A [u £ A, z A + B] where 
p{u, z) = El^(z, {x).x, (y).u). Then, if \d{A + B, inl(a), inl{a')) holds for a, a' £ A, by preservation of propositional 
equality we get that ld( yl, p{a, inl(a) ) , p{a, inl(a')) holds, too. Hence, from this we conclude that ld( A, a , a') holds. 
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The classifying bijection between morphisms from {A, =a) to (props, ^) and subobjects given by Vq-siaall 
propositions on {A,— a) follows by construction of Vq-small propositions. 

The fact that Vq validates first-order intuitionistic logic with equality follows by construction of the 
indexed functor. 

Proving that Q(mTT) is closed under dependent products of dset-morphisms over dset-morphisms, as 
well as proving that local stable exponentials of ( props, ^ ) to dset-morphisms exist in Q(mTT), can be 
seen as a particular case of proving local closure of Q(mTT'*''). Indeed, the latter is equivalent to proving 
that Q(mTT'''') is closed under dependent products of generic morphisms (usually expressed in the form 
that a right adjoint to the puUback functor induced by any morphism exists, see |Jac991 Poh02aj ). We 
proceed, then, to prove that Q(mTT'''') is closed under dependent products of any morphism over any 
other. To this purpose, thanks to the fact, shown in proposition I4.12|, that any Q(mTT''*')-morphism 
/ : {B,=b) {A,^a) is isomorphic in Q(mTT'*f )/(^, =a) to one of the form 

Trf : (E.gAB(^),=E) -> {A,=a) 

with B={z) \z G A^\ extensional dependent collection, it is enough to show the existence of dependent 
products for morphisms of the form 7rf . In the next we will use the abbreviation Be = '^zi^aB{z). 
Then, a dependent product of 

Trf : (E2gflj,C(z), =Cb ) ^ (-Be,=Ss) 

over 7rf : (-Be,=e) (A,=a), is Trf^ : {(J\bC)y. , =n) {A,=a) that is the comprehension (in the sense 
of proposition I4.12p of the extensional dependent collection IIbC{x)^ [x e A=] defined as follows: for 

X e A 

and 

^ =ng{i:) 2' = '^veB(x) Ap(7ri(2:) , y) =c({x,y)) Ap(7ri(z') , y) for z, z e UbC{x) 

and for xi G A,X2 £ AjW £ xi —a X2,u£ ^%{x) 

oiiiu) ^ (Aj/^(^^).a;;;;^^;J,^^^^(Ap(ft, <^(jy))),t) 

for u = {h,p) and suitable t built by using p and proof-terms witnessing properties of substitution 
isomorphisms. 

Then, supposing that the puUback domain ( (nBC)E , =n ) X(a,=^) {Bt., =By.) is represented by 

( S;,g(nBC)5: S„6i3j, 7ri(2) =A ni(w) , =X(^ ) 

where z —x^a =a) z' = u —ji u' A v =3^ assuming that z = (it, {v,p) ) and z' = {u', {v',p') ), then the 
application map 

App : ( (nsC)E,=n) X(A -^) (BE,=i3s) ^ (Ce,=Cs) 

is given by 

App{u) = { {ai, (Talib)) , Ap{h,aa2{b)) > G Ce for z; £ T.^^^nBC)s ^weB^ t^i{z) =a -Kiiw) 

supposing 7ri(i;) = {ai,{h,p)) and 7ri(7r2(t;)) = {02, b). Note that cr°^ is well defined because from 
q = tv2{tv2{z)) G ai =a 12 we get sym(q) G a2 =A ai. 

Now, given a morphism m : (D, =d) X(a,=^) (-Be, =Sj;) ^ (Ce,=Cj;) in Q(mTT'*P)/(_BE, =Sj;) where we 
assume the support of the puUback domain {D,=d) X(a-a) iBj:,=Bs) to be Ezgn EiugBs 5{z) —a tvi{w) 
for S : {D, =d) {A, =a) as above, then, the abstraction map m(d) G (JIs C)e [d G D] is given by 

m{d) = {S{d), (Ay^W'^)\a<^/(tifi,))(^2('^M)) ,P)} 
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where zd = {d, {{S{d),y) , ref((5(d))) ) and suitable p built by using proof-terms witnessing properties of 
substitution isomorphisms and equality preservation of m. 

In particular, the exponential of tti : {A, =a) x ( props, ^ ) (A, =a) to the dset-morphism 7rf : {Bs, =s) 
{A,=a) in Q(mTT)/(A, =a) is the comprehension of the extensional dependent collection T{B{x))^ [x e 
A^] where 

T{B{x)) = T.heB{x)-,prop, '^vi,v2eB(x) yi =B(x) 2/2 (Ap(fe,j/i) ^ Ap(/i,y2)) 

and its corresponding equality is 

z=v(B(x))z' = Vj,efl(^) Ap{TTi{z),y) ^ Ap(TV2{z) ,y) for z, z' e V{B{x)). 

Stability under pullback of dependent products of dset-morphisms over dset-morphisms, or of local 
exponentials of (props,^), follows easily thanks to corollarv l4.17l 
The quotient of a Vq- equivalence relation in Q(mTT''P) 

r : {Y.^^axaR{t^iz,-K2z) , =cm) {A x A,=x) 

is {A,R). The quotient map from {A, =a) to {A, R) is z £ A [z e A]. Given a map a : {A, =a) {D, =n) 
coequalizing the projections along r, namely tti • r and ^2 ■ r, the unique map from {A,R) to {D,=d) 
factoring a is a{z) £ D [z £ A] itself. The quotient map satisfies effectiveness by construction. The 
quotient stability under pullback follows easily thanks to corollarv l4.17l 

Furthermore, in an analogous way to theorem I4.20[ we can prove that the category Q(mTT)set enjoys 
all the categorical properties necessary to interpret emTT-sets (for their definitions see, for example, 
jMai05| ). In particular, to prove local closure we will make use of a proposition analogous to 14.121 that 
can be proved in an analogous way as well: 

Proposition 4.21 The category of extensional sets Depm^^r^rj,^^ ^{{A,=a)) on an extensional set {A,— a) 
is equivalent to Q(mTT)set/(^, 

Theorem 4.22 The category Q{nin)set is lextensive (i.e. with terminal object, binary products, equal- 
izers and stable finite disjoint coproducts), list- arithmetic (i.e. with parameterized list objects) and locally 
cartesian closed with stable effective quotients with respect to Vq^^^- equivalence relations, and the em- 
bedding I : Q(mTT)set — > Q(mTT) preserves all such a structure. Moreover, the indexed category Vq^^^ 
validates first- order intuitionistic logic with equality, namely it is an intuitionistic hyperdoctrine in the 
sense of 'See83l, and the natural embedding i : Pq^^^ => Pq ■ I preserves such a structure. 

Remark 4.23 Note that to prove theorems 14. 201 we do not need to use any preservation of defini- 
tional equality of discharged premises in the elimination constructors, which is indeed absent in mTT. 
For example, we did not need to use rule E-eq list) in the appendix [7] about I in Eliist{s, a, I). Indeed, 
uniqueness of lists does not need such an equality preservation. The same can be said for binary products 
and coproducts with respect to elimination rules of strong indexed sums and disjoint sums of mTT. 

Moreover, the proof of local closure, or existence of suitable dependent products, went through 
without any use of the ^-rule mentioned in section [51 This point was already noticed in categorical 
terms in |CROO| IBCRS98] with the theorem stating that the exact completion of a lex category with 
weak dependent products has dependent products. In our case this can be read as follows. Let us define 
the category C(mTT)set in this way: its objects are mTT-sets, its morphisms from A to B are terms 
b{x) e B [x e A], and two morphisms bi{x) € B [x e A] and b2{x) e B [x e A] are equal if there exists 
a proof of \di{B, bi{x), 62(2;)) prop [x G A] in mTT. The identity and composition are defined as in the 
syntactic categories in |Mai05| . 

Then, to prove the local closure in Q(mTT)sct it is enough that in C(mTT)set the natural transfor- 
mation 

App ■ C(mTT).et/(A, =A)iS, Trf «^ ) ^ C(mTT.et)/(BE, =b^){ (^rf )*(<5) , n? ) 
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is siirjective without necessarily enjoying a retraction. In turn, to prove such a surjectiveness it is enough 
that A-terms exist without necessarily satisfying the ^-rule, which is instead necessary to define a proper 
retraction. 

4.1 The interpretation of emTT 

After theorem in order to interpret emTT in Q(mTT) , and emTT'^P in Q(mTT'**'), at a first glance 
it seems that we could simply use the interpretation in [Mai05] given by fibred functors (we remind from 
|Mai05| that this overcomes the problem, first solved in [ Hof94j , of interpreting substitution correctly 
when following the informal interpretation first given by Seely in |See84j and recalled in [Joh02b| ). But 
this interpretation requires a choice of Q(mTT)-structure in order to interpret the various constructors. 
Unfortunately, we are not able to fix such a choice. In particular we are not able to fix a choice of 
Q(mTT)-equalizers because they depend on the representatives of Q(mTT)-arrows. Indeed, the equalizer 
Eq{f,g) of two Q(mTT)-arrows /, p : (A, =a) — > {B,^b) may be defined as E^gA f{x) =a g{x), which 
depends on the chosen f,g and it is not intensionally equal to that built on another choice /',<?' of the 
same two Q(mTT)-morphisms, namely for which / =q(jji'];'T) -f' 3 ~Q(mTT) ^^^'i- Now, given that 
we are not able to fix a choice of Q(mTT)-arrows, we are not able to fix a choice of Q(mTT)-structure. 
Luckily, this problem can be avoided if wc work in Q(mTT) up to isomorphisms. Indeed, if we take the 
category Q(mTT)/~ obtained from Q(mTT) by quotienting it under isomorphisms, then this category 
enjoys a unique choice of the structure needed to give the interpretation in [MaiOSj . In this case, also the 
informal way of interpreting a dependent typed calculus in jSee84] can be used, because it turns out to 
be correct. Our solution is to interpret emTT in a category Q(mTT)/~ obtained by quotienting Q(mTT) 
only under suitable isomorphisms, called canonical isomorphisms, to make the proof of the validity 
theorem go through. In particular, we interpret emTT-signatures of types and terms in Q(mTT)/~ 
by just using an interpretation of them into Q(mTT), or better into extensional dependent types and 
terms of mTT. This interpretation allows us to determine Q(mTT)/~-objects and morphisms where to 
interpret emTT-signatures by selecting their representatives up to canonical isomorphisms. 
To this purpose, we need to generalize definition 14.91 of extensional dependent collection and that of 
extensional dependent set, as well as that of extensional dependent proposition and small proposition. 
To include all cases we speak of extensional dependent type. 

Def. 4.24 An extensional dependent type 

B^{xi, . ..Xn) [xi £ . . .x„ £ A„^ ] 

is given by a dependent type 

B{x'i_, . . . Xn) type [xx € A-i,. . .x^ £ A^] 
together with the following isomorphism: 

. Xji £ Aji , 

Pi £ Xi =Ai x'-i , P2 £ axl{x2) =A2 X2 ... Pn £ 0"^^ '.'.'.'C"-/ (^n) =A„ x'„] 

not depending on the proof-terms pi for i — 1, . . . ,n and preserving the equality of the various Ai 
for i = 1, ... ,n in the sense of definition 14.91 Such isomorphisms are also closed under identity and 
composition as in definition 14.91 Analogously to definition 14.91 we will use the abbreviation 

= (jZl','.'l'^{pi,...Pn,z) 

Then we define the notion of extensional isomorphism between two extensional dependent types: 

Def. 4.25 Given two extensional terms TB{y) £ C= [r=,{/ £ B^] and r(f (2) £ B^ [r=,y £ C=], we say 
that Tg and provide an extensional isomorphism between the extensional types i3= [r=] and C= [r=], 
if we can derive proofs of 

rE{rS{x)) =c(x) X prop [r=,x £ C=] and tq {tb (x)) =b^^-^ x prop [T^, x £ B=] 
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In the following, we simply indicate an extensional isomorphism with one of its parts, given that the 
inverse is uniquely determined up to extensional equality. 

In the interpretation we will need to use suitable canonical isomorphisms between extensional de- 
pendent types defined as follows: 

Def. 4.26 (canonical isomorphism) Let T§{y) G C= [r=,y G B=] be part of an extensional isomor- 
phism as defined in def. 14.251 We say when Tg is a canonical morphism by induction on the derivation 
of B= [r=] and C= [r=] as follows. For easiness, here we suppose to work in the larger calculus mTT^P; 

- If B = C = Prop, or B = C = No, or B = C = Ni, then Tg{y) =b y holds under the appropriate 
context in mTT. 

- If B = T,xeAD{x) and C = T.^^a' D'{x) where —b and —c are as =2 in proposition 14.121 with 
D= [T^,x G A=] and DL [r=,a; G AL] and [r=] and AL [r=] extensional dependent types 
having canonical substitution isomorphisms, then Tg{y) =c El^{y, {'wi,w2)-{ta {wi),t§ (^2)) ) 
holds under the appropriate context with and rj^ canonical isomorphisms where in particular 
td (y) G D'{ta (x)) [T^,x g A^,y G D={x)]. Moreover, also the substitution isomorphisms of B= 
and C= are of this form. 

- If 

with X the variables in T and analogously 

C = Ehgn^^^, D'{x) V^j,^26A' Vdga;i=^,^2 <^^',xl (Ap( h, Xl )) =D'{x2) Ap( h, X2 ) 

where =b is of the following form 

Va;6A Ap(7ri(2:) , x) =D(x) Ap( TTl (z') , j: ) fot z,z' £B 

and =c is of analogous form, with Z)= [r=, x G A=] and DL [r=,a; G AL] and A^ [r=] and AL [r=] 
extensional dependent types having canonical substitution isomorphisms, then we can derive a 
proof of 

Tsiy) =C {Xw^ -cr^A-f^A (^))(-ri5' (Ap(7ri(j/), r^' (w)) ) ) , p) 

for some proof-term p under the appropriate context with and t§ canonical isomorphisms 
where in particular (y) G D'{ta (x)) [T^,x g A=,y G D={x)]. Moreover, also the substitution 
isomorphisms of 5= and C= are of this form. 

- If B = List{D) and C = List{D') with both —b and =c as =List(C) in the proof of theorem l4.20l 
with _D= [r=] and DL [r=] extensional dependent types having canonical substitution isomor- 
phisms, then Tg{y) =c ElList{y, e, (yi, j/2, z). cons( z , t§ (2/2) ) ) holds under the appropriate context 
with t£ canonical isomorphism. Moreover, also the substitution isomorphisms of 5= and C= are 
of this form. 

- If B = ^ + B and C = A' + D' with both =b and =c as =b+c in the proof of theorem [4.201 
with A= [r=] and AL [r=] and B= [r=] and DL [r=] extensional dependent types having canonical 
substitution isomorphisms, then ts(j/) =c B/+(j/, (yi). inl( rj4 (j/i)), (3/2). inr( rjj' (1/2))) holds under 
the appropriate context with and tE canonical isomorphisms. Moreover, also the substitution 
isomorphisms of B= and C= are of this form. 

- If B prop [r] and C prop [T] are derivable and —b and =c are the trivial relation equating all 
proofs, then any Tg is canonical. 

Finally, an isomorphism rg is canonical if rg and tq are both canonical. 
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Remark 4.27 Note that the above definition of canonical isomorphisms can be adapted to work for 
mTT by simply adding a case analogous to the third one where 

D{x) = props z =D(x) z' = a <-» 2' for z,z' € props 

with cr|'^J(w) = w for m; e D{xi) and in particular 

B = EhgA^props Vxigyi Vx2eA a;i =A X2 ( Ap(/i, xi) ^ Ap(/i, 0:2) ) 

and furthermore C is defined analogously. 

Note that canonical isomorphisms are closed under composition, and more importantly between two 
extensional dependent types there is at most only one canonical isomorphism extensionally: 

Proposition 4.28 Canonical isomorphisms enjoy the following properties: 

- If T A in) G B= [r=,y G AJ\ and T§{y) G C= [T^,y £ B=] are canonical isomorphisms, then 
TaiTAiy)) G C= [T=,y € A=] is also a canonical isomorphism. 

- Ifr^iv) e [r=,j/ G A=] and r'^iy) G B^ [r= , y G A=] are both canonical isomorphisms, then we 
can prove that they are equal as extensional terms, namely that we can derive a proof of 

TA{y) =B r'f (y) prop [T=,y G A=] 

Proof. The proof is by induction on the definition of canonical isomorphism. 

Then we define the quotient category of Q(mTT) under canonical isomorphisms in which we will 
interpret emTT: 

Def. 4.29 Wc call Q(mTT)/~ the category obtained by quotienting Q(mTT) under canonical isomor- 
phisms: namely an object of Q(mTT)/~ is given by the equivalence class of a Q(mTT)-object {A,=a) 
under canonical isomorphisms: 

[(A=a)1 

and a morphism from [(yl, =a)] to [{B,=b)] is the equivalence class given by a Q(mTT)-morphism 
f : iC,=c) iD,=o) 

[f]:[{A,^A)]^[{B,=B)] 

such that {C,—c) is canonically isomorphic to {A,— a), i-c. via a canonical isomorphism, and (D,=d) 
canonically isomorphic to {B,=b)- Finally, two morphisms [f],[g] ■ [{A,=a)] [{B,=b)] are equal, if 
supposing / : (C,=c) {D,=d) and g : (M, =m) {N,=n) then 

9 ■ '^c =Q(mTT) • / 

for canonical isomorphisms tq and Tu- The unit and composition are those inherited from Q(mTT). 
We define the category Q(mTT'^'')/~ analogously and we will use it to interpret emTT'^^'. 

Why canonical isomorphisms. We will use canonical isomorphisms to interpret equality between 

emTT(emTT''P)-typcs. The reason is the following. The imdcrlying assumption is that, in order to 
be able to interpret quotient types, we interpret emTT-dependent types as mTT-extensional dependent 
types and emTT-tcrms as niTT-cxtcnsional terms. Then, it follows that the definitional equality between 
emTT-terms must be interpreted in the existence of a proof that the two terms are equal according to 
the equality associated to their type interpretation. Now, suppose that the mTT-extensional dependent 
collection BL{x) [x g AL\ interprets the cmTT collection B(x) col [x G A\^ and that the judgement 
ai = 02 G ^ holds in emTT and is valid in Q(mTT), namely that a{ =ai ai holds in mTT. Now, in 
emTT we get also that B(oi) = £(02) holds, too, but in Q(mTT) we just know that 

S^(oi)= is isomorphic to B^ {0.2)= 
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via a substitution isomorphism. Therefore, we are forced to interpret type equality as isomorphism of 
types, and to this purpose we introduce in mTT the judgement A= ^^^t 5= [r=] for saying that A= [r=] 
is isomorphic to [V^] via an mTT-extensional isomorphism. But then, in order to make the rule 
conv) in appendix [5] valid as well, we may need to correct the interpretation of an emTT-term b via 
an isomorphism. Indeed, supposing that a' e [VL] in mTT interprets the derived emTT-judgement 
a € Ai [r] and that the mTT-judgement Ai^ —ext ^2= [r=] interprets the derived emTT-judgement 
A-i — A2 col [r], in order to make the interpretation of the emTT-judgement a e A2 [F] derived by conv) 
valid, given that in mTT we only know that A{^ —ext A\^ [Fi] holds, we need to introduce in mTT the 
judgement 

a €ext ^2= [fL] 

to express that is extensionally of type A2 if it belongs to a type isomorphic to it, namely if in mTT 
we can derive 

r^fia')eAL [Fi] 
A' . . . 

via an isomorphism t.j. But now, given that the interpretation of cmTT-tcrms in mTT depends on 
isomorphisms, then the interpretation of emTT-types depends on isomorphisms, too, because types 
may depend on terms. Luckily, we are able to give the interpretation by making use of canonical 
isomorphisms only, and hence we require the isomorphisms used so far to be canonical. The fact that 
canonical isomorphisms between two interpreted types are at most one extensionally will allows us to 
prove the validity theorem. 

Before interpreting emTT-signatures, we say when two extensional dependent types under a common 
context and on different contexts are isomorphic: 

Def. 4.30 In mTT we say that the extensional dependent type [F=] is extensionally equal to the 
extensional dependent type C= [F=] with the judgement 

B^ —ext C= [F = ] 

if they are isomorphic via a canonical extensional isomorphism as in definition 14.261 

We will generally call the isomorphism components Tg{y) G C= [F=,y e -B=] and tq{z) g _B= [F=, j/ g C=]. 

Def. 4.31 Given the mTT-extensional dependent types 5= [F=] and D= [A=] where F= = n G 
Ai^, . . . ,Xn G An^ and A= = yi e Ci=, . . . ,yn G C„^ we introduce the judgement 

B= [F=] ^ext D= [A^] 

to express that in mTT we can derive Ai =ext Ci and Ai^ =ext ACt^^ (a^i), ■ • . ,'r^^~j'(a;i-i) )= [xi G 
Ai^, . . . , Xi-i G Ai-i^ ] for canonical isomorphisms r^' for i = 2, . . . , n, if n > 2, (where we still use the 
notation t^' even if the types are on different contexts) and also 

B= =ext 5= [F=] 

via a canonical isomorphism t§ where D = D [yi/r^l (xi), . . . , y-n/r^l^ {x„) ] whose equality is w w' = 
z =D z' [yi/T^l{xi), . . .,y„/T^^{x„) ,z/w, z'/w]. 

Then, we are ready to define when a term belongs to a type in an extensional way: 

Def. 4.32 Given an mTT-extensional term b G -D= [A=] and an mTT-extensional dependent type 
B^ [F=] where F= = G Ai^,...,x„ G A„^ and A= = yi G Ci^,...,y„ G C„=, and supposing 
that _B= [F=] =ext [A=] with canonical isomorphisms t'^' for i = 1, . . . , n, if n > 1, and Tg , then in 
mTT we say that 6 is extensionally of type 5= [F=] with the judgement 

b Gext B^ [F = ] 
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if in mTT we can derive _ 

6 e B= [r=] 

where 6 = ri^( 6(r^i (xi), . . . , r^; ) ). 

Then, we define extensional equahty between terms: 

Def. 4.33 Given two mTT-extensional terms 

b Ge.t B= [r=] c e,^t [r^] 

in mTT we say that they are extensionally equal terms with the judgement 

b =ext C £ext B= [r = ] 

if and only if in mTT we can derive a proof 

pe~b=j^z [r] 

where b, c and B are defined respectively as in definitions 14.321 and 14.311 

Interpretation of emTT types and terms. Now we are ready to define the interpretation of 
emTT type and term signatures as mTT-extensional dependent types and terms, respectively. Then, a 
type judgement will be interpreted as an extensional dependent type 

{Btype [V\y = BL [fL] 

and a term judgement as an extensional term which belongs only extensionally to the interpretation of 
the assigned type as follows: 

{beB[r]y = b' eext bL [ri] 

In order to give an idea on how the interpretation is defined, suppose to interpret Eq(_B,&i,62) prop [F] 
assuming that {B type [F])^ = BL [VL]. Then, the term signatures bi and 62 under context V are 
assumed to be interpreted as mTT-extensional terms b{ e C= [ri] and bi £ M= [Fi]. Now, to give 
the interpretation we do not require as usual that C= is equal in mTT to A/= and to Si, but only 
that it is isomorphic to them via canonical isomorphisms. Hence we put ( Eq(_B, &i, 62) prop [F] )^ = 
b{ —gi prop \r'] where we have corrected the interpretation of h\ and 63 to match the type B' as in 
definition 14.321 bv means of canonical isomorphisms. 

This explains why we give an interpretation (— )^ : emTT — > mTT of emTT- type and term signatures 
as extensional dependent types and terms in mTT, that is not only partial as usual interpretations of 
dependent type theories (see first paragraph in appendix [5]) , but also uses canonical isomorphisms. 

Analogously, we define an interpretation (— )^ : emTT'^P mTT'*^' of emTT'^^'-type and term signa- 
tures as mTT''^ extensional dependent types and terms. 

The interpretations are properly defined in appendix [21 Here, we just show the interpretation of 
the power collection of the singleton P(l) and of dependent product sets, quotient sets and function 
collections toward T{1) with their terms. Therefore, to interpret these emTT-types as extensional 
dependent types of mTT, we need to specify the support of their interpretation with related equality 
and substitution morphisms. Note that in the case we are interpreting a type or a term that requires to 
have already interpreted more than one term, we need to match the types of such terms and we assume 
to correct them via canonical isomorphisms. In the following, we simply write instead of . 
The power collection of the singleton is interpreted as the extensional collection classifying T'g-small 
propositions in theorem l4.201 namely as the mTT-collection of small propositions equipped with equiprov- 
ability as equality: 



23 



Power collection of the singleton : 

V{iy col [r'] = prop, [r^] 

and 2 ^props-f z' = {z ^ z') A {z' — » z) for z, z G prop, 
erf- iw) = vj for x,x' G F^,™ G props. 
{[A])' = for A small proposition. 

The dependent product set is interpreted similarly to the extensional collection behind the construction 
of dependent product in theorem 14.201 namely as the strong indexed sum of functions preserving the 
corresponding equalities. Two elements of this indexed sum are considered equal if their first components, 
which are lambda-functions, send a given element to equal elements. This interpretation validates both 
/3 and 77 equalities for functions and also the ^-rule. 
Dependent Product set : 

{Uy^BCiy))' set[V'] = ^.f^^u^^^i cHy) ^vi,y2eB' '^deyi=^iy2 o-S,'^" ( Ap(/i, yi) ) =c-ffe) Ap(/i, 3/2) 
and 2 =n 2' = "iy^Bi Ap( 7ri(z) , ^^-'(i/) Ap( tti (z') , y) for 2, 2'^G ( Hygs C(?/) / 

( Ay^.c)^ = {Xy^ -c' ,p) where p G Vj^^^^^gs/ Vdeyi=^,y2 '^l.y! ( ) ^c'{y2) ^' (Vi) 

iAp{f,b)y ^ Ap{Mf),b') 

a§'iw) ^ (Ay'^'(-').a^;;i(^,j(Ap(^iH, af,(y'))),P> torx,x' G V and w G ( H.^b C7(y) )^(^). 
where p is the proof-term witnessing the preservation of equalities obtained from tt2(w). 

The quotient on a set whose interpretation has support is interpreted as the extensional set with 
same support A^ , but whose equality is the interpretation of the quotient equivalence relation, in a 
similar way to the construction of quotients in theorem 14.201 Then the interpretation of the quotient 
map is simply given by the identity and effectiveness becomes trivially validated: 

Quotient set : 

{A/R set [T])' = A' set [F'] 

and 2 ~A/R' z = R^{z,z') for 2,2' G A' 
{[a\) = a' and Elqip,!)' = I'ip'') 

cr§' {w) is defined as the substitution isomorphism of AL [VL]. 

A function collection toward P(l) is interpreted as the extensional collection behind the construction of 
local exponential of the P^-small propositions classifier in theorem 14.201 

Function collection toward 'P(l) : 

(B^Pil) col [r]y = Eftgsr^p^p^ Wy^^B' "^y^eBi yi =B' y2 ^ (Ap(/i,yi) ^ Ap(/i,y2)) 

and 2 2' = Vj^gB/ Ap(7ri(2),y) ^ Ap( 7ri(2') , y) for 2, 2' G ( 
(Xy'^.cy = {\y^ .c\ p) where p e^y^^gi ^/y^^B' Vi =3' Vi ^ (c'iyi) ^ c'{y2)) 
{Ap{f,b)y ^ ApUi (/),&?) 

af'H = (Ay"'''"'^<„"^(„,)(Ap(7riH , af,(y'))), p) for x,^ G and » G ( B ^ ^(1))'(^) where p is a 
proof-term witnessing the preservation of equalities obtained from ^2(11)). 

Remark 4.34 Note that we need to close mTT collections under strong indexed sums in order to 
interpret function collections toward ^(l), and hence in turn to interpret power collections of sets as 
described in section [3l 

After giving the interpretation of eniTT-signatures (and emTT'^^-signatures) into mTT-extensional 
dependent types and terms, we can interpret emTT (and emTT'^P) judgements in the category Q(mTT)/~ 
(Q(mTT''^)/~) by following the naive interpretation of dependent types in |See84| and in the complete- 
ness theorem in |Mai05| . To this purpose we need first to transform extensional dependent types into 
Q(mTT)-arrows as in proposition [1321 

Def. 4.35 Given an mTT-context r= we define its indexed closure Sig(T=) as a Q(mTT)-object together 
with suitable projections 7r"(z) for z G S'iy(r=) and j = 1, . . . , n by induction on the length n of r= as 
follows: 
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- If = a; e then 

Sig{x £ A^) ={A,—a) and T^iiz) = z 

- If r= = A,x G A of n + 1 length then 

Sig{ A=,x € A=) = ( E^gsig(A=) A[xi/Tr"{z), . . . x„/tt"^{z)] , =sig ) 

where W =Sig w' = 3de7ri(-w)=si!,^li-^') Kl[Z)^ (^^{w)) =a„, TT2{w') 

for w, to' G S^gsig(A^) A[xi/n"{z), . . .x„/tv"{z)] and tv"+^{w) = Tv^{ni{w)) for j = l,...,7i and 
= TT2{w) and A„/ = A[xi/tt'1{tti{w')), . . . x„/tvII{tti{w'))] . 

Def. 4.36 (Interpretation in Q(mTT)/~) The interpretation of eniTT judgements in the category 
Q(mTT)/~ 

Int : emTT ^ Q(mTT)/~ 

is defined by using the interpretation of emTT-signatures into mTT-extensional dependent types and 
terms in appendix [S] as follows. 

An emTT-dependent type is interpreted as the projection in Q(mTT)/~ of its interpretation as mTT- 
extensional dependent type according to the idea of turning a dependent collection into an arrow in 
proposition 14.121 

Int{Btype[V]) = [m] : [Sig{rL, BL)] ^ [Sig{rL)] 

Then, an cmTT-type equality judgement is interpreted as morphism equality of type interpretations in 
Q(mTT)/~ 

Int{A = B type [T] ) = Int{Atype [T]) =Q(mTT)/~ ^'^*(^ ^VP"" [^1) 

which amounts to prove that their interpretations as mTT-extensional dependent types are extensionally 
equal, namely that in mTT we can derive 

aL =,^t bL[vI] 

An emTT-term is interpreted as a section of the corresponding type and it is built out of its interpretation 
as mTT-extensional term: 

Int{b£B[V]) = [{z,¥)]:[Sig(Tl)]^[Sig{TL,Bl)] 

where is obtained by substituting its free variables xi, . . . ,Xn with T^j'iz) for j = 1, . . . , n as in defini- 
tion [¥2S1 The given interpretation amounts to derive in mTT 

b' Ge.t B' [t'] 

Note that the interpretation of a term is a section of its type interpretation because [7ri]-[(2, ¥)] ^Q^mTT) /•~- 
id holds. 

Finally, an emTT-term equality judgement is interpreted as the equality of Q(mTT)/~-morphisms in- 
terpreting the terms: 

Int{a = beB [V]) = Int{a £ B type [F] ) =Q(mTT)/~ Int{b e B type [F] ) 
which amounts to derive in mTT 

a' =,^t b' Se.t B' [V'] 
Analogously, we define the interpretation of emTT'^P -judgements in Q(mTT'*'')/~. 
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In order to prove the validity theorem we need to know how to interpret weakening and substitution. 
For easiness we just show how to interpret substitution. 

Note that in the following, given a context r = E,2;„ e An, A with A = x„+i e An+i, ...,Xk G Ak then 
for every a G A„ [S] and for any type B type [F] we simply write the substitution of x„ with a in B in 
the form B[x„/a] type [E, A^] instead of the more correct form B[x„/a„][xi/x'j]i^„^i^,,,^k type [E, Aa] where 
Aa = x'„+i € A'„+i, ...,x'f, e A'k and A'j = Aj [a;„/a„][a;i/x-]i=„+i,...j_i for j = n + 2, if n + 2 < fc, 
otherwise A'^^i = A„+i [x„/a„]. If A is the empty context, then Aa is empty, too. Similar abbreviations 
are used also for terms. 

Lemma 4.37 For any emTT judgement B type [F] interpreted in Q(mTT)/~ as 

H : [Sig{vL,weBL)]^[Sig{Tl)] 

and b G B [T] interpreted in Q(mTT)/~ as 

[{z,¥)] : [SigirL ) ] ^ [SigirL ,weBL)] 

substitution is interpreted as follows: supposed T = E,a;„ € A„,A with A = x„+i G An+i, ■■■,Xk £ Ak if 
not empty, for every emTT judgement a £ An [E] interpreted as 

[{z,^}] : [Sig{E'=)]-.[Sig{J:' = ,Xn€Ai^)] 

then 

I{B[x„/a] type [E, A^] ) =Q(niTT)/~ 

M : [Sig{J:' = ,Ai^,weB'[xr./a']^)]^[Sig{E'^,Ai^)] 

and 

Int{b[xn/a] eB[x„/a] type [S, Aa] ) =Q(niTT)/~ 

[{z,bi[x„/a'])]: [5i3(E^ = ,AL)]-> [Siff(E^.,AL,^eB'[a;n/<?]=)] 

where the support of B'[xn/a']^ is B'[xn/a'\[xi/x'i]i^n+i,....k and its equality is given by z ~gi^^ z' = 
iz=Bi z')[xn/a'][xi/x'i\i=n+i,...,k if A is not empty. 

Proof. By induction on the interpretation of the signature. 

An analogous lemma holds for the interpretation of cmTT'^^-signatures in Q(mTT'^^)/~. 

Theorem 4.38 (validity of emTT into Q(mTT)/~) The calculus emTT is valid with respect to the 
interpretation in definition \4-. 36\ of emTT -signatures in Q(mTT)/~; 

If A type [r] is derivable in emTT, then Int{A type [F] ) is well defined. If a £ A [T] is derivable in emTT, 
then Int{ a G A [F] ) is well defined. Supposing that A type [F] and B type [F] are derivable in emTT, if 
A — B type [F] is derivable in emTT, then Int{A = B type [F] ) is valid. 

Supposing that a G ^4 [F] and b £ A [V] are derivable in emTT, if a = b € A [F] is derivable in emTT, then 
Int{ a = b £ A [F] ) is also valid. 

Proof. We can prove the statements by induction on the derivation of the judgements by making use 
of theorem 14.201 

Note that the rule conv) is validated because of the presence of canonical isomorphisms witnessing 
that two types are extensionally equal. Moreover, conversion rules are valid thanks to the properties of 
canonical isomorphisms in proposition 14. 28] and thanks to the fact that they send canonical elements to 
canonical ones. 

Analogously, we can prove: 
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Theorem 4.39 (validity of cmTT'^P into Q(mTT'^P)/~) The calculus emTT'^P is valid with respect 
to the interpretation in definition \4-36\ of emTT^P -signatures in Q(mTT'''')/~; 

If A type [r] is derivable in emTT'^P, then Int(A type [F] ) is well defined. If a a A [F] is derivable in 
emTT'^P, then Int{a G A [F] ) is well defined. Supposing that A type [F] and B type [F] are derivable in 
emTT'^P, if A = B type [F] is derivable in emTT'^P, then Int{A = B type [F] ) is valid. 
Supposing that a e A [F] and b e A [F] are derivable in emTT''^', if a = b e A [F] is derivable in emTT'^P, 
then Int{ a — b A [F]) is also valid. 

Remark 4.40 Note that the power collection of a set is interpreted in Q(mTT) as the quotient of 
suitable small propositional functions under equiprovability as in [SV98|, but with the difference that 
here it is a particular construction on the top of niTT, while in [SV98j it is declared to be a type in 
the underlying intensional theory, which then looses the decidability of type judgements. Hence, in our 
interpretation of emTT over mTT a subset is interpreted as the equivalence class determined by a small 
propositional function, while in jSV98| it is identified with it. 

Remark 4.41 Internal logic of Q(mTT''^). As already announced, emTT is not at all the internal 
language of Q(mTT), because, for example, it does not include generic quotient collections whilst they 
are supported in the model. Even emTT''*' is not the internal language of Q(mTT''^). One reason is 
the following. If we restrict to the set-theoretic fragment of emTT, called qmTT in [Mai07| and here 
emTTaet, then the interpretation of implication, of universal quantification and of dependent product 
set do not seem to be preserved by the functor ^ : Q (mTT) set C(emTTset) sending an extensional type 
into its quotient, where C(emTTset) is the syntactic category of emTTset defined as in [Mai05| (see also 
\vdB06\ ). 

However, if we take the set-theoretic coherent fragment cemTT of emTTset, then we expect cemTT 
to be an internal language of the quotient model built out of the corresponding set-theoretic coherent 
fragment cmTT of mTTset . The coherent fragment cemTT is obtained from the set-theoretic fragment 
emTTset by cutting out implication, universal quantification and dependent product sets. Also the 
fragment cmTT is obtained from mTTset in an analogous way. A proof of this is left to future work. 



Remark 4.42 Connection with the exact completion of a weakly lex category. The construc- 
tion of total sctoids on mTT corresponds categorically to an instance of a generalization of the exact 
completion construction [CV98[ ICC82| of a weakly lex category. 

The connection with the construction of the exact completion in [CV98|, ICC82| is clearer if we build 
our quotient model over Martin-Lof 's type theory MLTT in |NPS90| . Then, such a quotient model built 
over MLTT, always with total setoids as in definition 14. II and called Q(MLTT), happens to be equivalent 
to the exact completion construction in |CV98[ ICC82j performed on the weakly lex syntactic category, 
called C(MLTT), associated to MLTT as in remark In particular, Q(MLTT) turns out to be a 

list- arithmetic locally cartesian closed pretopos. 

Now, it is important to note that the quotient model Q(MLTT) does not seem to be closed under 
well-behaved quotients, if we identify propositions as sets as done in MLTT. Indeed, under this identifi- 
cation Q(MLTT), but also Q(mTT), supports first order extensional Martin-Lof 's type theory in |Mar84| 
and hence it validates the axiom of choice, as a consequence of the fact that universal and existential 
quantifiers are identified with dependent products H and strong indexed sums S respectively. Then, 
effectiveness of quotients, being generally incompatible with the axiom of choice (see |Mai99| ). does not 
seem to be validated. 

To gain well-behaved categorical quotients in Q(MLTT) , one possibility is to reason by identifying 
propositions as mono sets as in the logic of a pretopos (see |Mai05| V Instead, in Q(mTT) we get 
them by identifying propositions and small propositions respectively with only those monomorphisms 
that arise from mTT propositions and small propositions via the comprehension adjunction, and that 
we called T'g-propositions and T'g-small propositions. In fact, even if Q(mTT) supports quotients of 
all mono equivalence relations, these do not seem to enjoy effectiveness. Categorically speaking, this 
means that Q(mTT) does not seem to be a pretopos, even if it has quotients for all monic equivalence 
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relations. Indeed, we are not able to prove that all monic equivalence relations are in bijection with Vq- 
equivalence relations, for which effective quotients exist (which explains why we introduced the concept 
of Pq-equivalence relation!). 

Finally note that effective quotients in Q(mTT) and Q(mTT)set, and also in Q(mTT'^''), are enough 
to make these models regular (see [Joh02aj for the categorical definition): indeed one can define the 
image of / : {A,^a) {B,^b) as the quotient of {A,^a) over its kernel, namely as {A, f{x) =_b f{y) ), 
after noticing that monic arrows are indeed injective. 

Remark 4.43 In order to interpret quotients in mTT we also considered to mimic the exact comple- 
tion on a regular category in [CV98[ |Hyl82| . But we ended up just in a list-arithmetic pretopos, for 
example not necessarily closed under dependent products. Indeed, given that in this completion arrows 
are identified with functional relations, if the axiom of choice is not generally valid as it happens in 
mTT, in order to define exponentials and dependent products we would need to use an impredicative 
quantification on relations that is not allowed in mTT for its predicativity. 

4.2 The axiom of choice is not vahd in emTT 

The axiom of choice is not derivable in emTT. This is not surprising, if we consider that it may be 
incompatible with effective quotients (see Mai99,). To show this fact, just observe that the propositional 
axiom of choice written in emTT as follows 

{AC) yxeA3yeB R{x, y) — > 3f e A ^ B \/x € A R{x, Ap(/, x) ) 

is exactly interpreted in Q(MLTT), and also in Q(mTT), as: 

\/x £ A' 3y e B' R'{x,y) — > 3f e {A ^ B)' \/x £ A' R' {x,Ap{f,x)) 

where we recall that 

{A —> B)' = T.f^^A'^Bl '^xiSAl ^X2&A' ^1 ^A' 2^2 ^ Ap(/l, .Ti) =^1 Ap{h,X2) 

This interpretation in Q(mTT) amounts to be exactly equivalent to the extensional axiom of choice in 
|ML06[ ICar04j given that satisfies the conditions: 

- If a =Ai a' then V^g^/ R\a, z) R' {a , z) holds. 

- If h ^gi h' then V,gA/ R'{z,b) R'{z,h') holds. 

Therefore, the arguments in [ML06[ IUar04j exactly show that the propositional axiom of choice fails to 
be valid in the quotient models Q(MLTT), and even more in Q(mTT) or in an Heyting pretopos, and 
hence also in emTT. Indeed, we can prove that the validity of the axiom of choice in emTT yields that 
all propositions are decidable as shown in [ML06|, ICar04( IMV99] , whose proof goes back to Goodman- 
Myhill's one in GM78J. To prove this, we use a choice property valid for effective quotients thanks to 
the fact that propositions are mono: 

Lemma 4.44 In emTT for any quotient set A/R set [F] we can derive a proof of 

^zeA/R ^yeA [y] ^A/R Z 

Proof. Given z G A/R, by elimination of quotient sets we get E\q{z, (a;). true) e JyeA [y] =a/r z because 
for X £ A then 3j,gA [y] ~a/r W holds by reflexivity of Propositional Equality by taking y as x and it is 
well defined since propositions are mono. 

Proposition 4.45 In emTT the validity of the axiom of choice 

(AC) \/x e A3y e B R(x,y) — > 3f £ A B \lx £ A R{x,kp{f,x)) 

on all emTT sets A and B and small relation R{x,y) props [x £ A,y £ B] implies that all small proposi- 
tions are decidable. 
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Proof. Wc follow the proof in [Car04| . Let us define the following equivalence relation on the boolean 
set Bool = Ni + Ni whose elements are called true = inl(*) and false = inr(*): given any proposition P we 
put 

R{a, b) = a =booI bV P 
Then, thanks to lemma [4.441 in emTT we can derive a proof of 

^zSBool/R ^yGBool Z =Bool/R [v] 

and by the validity of the axiom of choice we get a proof of 

3/ e Bool/R Bool G Bool/R z ^booI/r [Ap(,f, z)] 

that amounts to be an injective arrow by definition. Then, given that the equality in Bool is decidable 
(which follows by sum disjointness), we get that the equality in Bool/R is decidable, too. Hence, 
[true] —Bool/R [false] V -i[true] =booi/r [false] is derivable. Then, by effectiveness also _R(true, false) V 
^_R(true, false) is derivable, too. Now, given that 7?(true, false) ^ P, then P V -^P is derivable, too, 
namely P is decidable. The logic of small propositions is then classical. 

Note that a similar argument holds also at the level of propositions. Moreover, about pretopoi we can 
deduce the following: 

Corollary 4.46 A locally cartesian closed pretopos enjoying the validity of the propositional axiom of 
choice is boolean. 

Proof. The internal logic of a locally cartesian closed pretopos devised in [Mai05| is an extension of the 
set-theoretic fragment of emTT and validates lemma 14.441 

In Q(MLTT) the propositional axiom of choice survives at least for those quotients whose equivalence 
relation is the propositional equality of MLTT. Only the validity of the axiom of unique choice continues 
to hold in its generality in Q(MLTT) (see also |ML06] ). 

4.3 What links the two levels? 

A question we need to address in forming a two-level foundation is to decide what mathematical link 
should tie the two levels. In [MS05j we said that the extensional level must be obtained from the 
intensional one by following Sambin's forget-restore principle expressed in [SV98 . 

Our example of two-level foundation fully satisfies such a principle. In particular, the interpretation of 
emTT into the quotient model over mTT makes visible the validity of such a principle. Indeed, in emTT 
we work with undecidable judgements, while those of mTT are decidable. The interpretation of emTT 
into mTT restores the forgotten information of emTT undecidable judgements by transforming them 
into decidable ones, once the lost information has been recovered. For example, the emTT-judgement 
B = C set [r] is interpreted as the existence of a canonical isomorphism 

emTT mTT 

there exists a canonical isomorphism with components 
I{B ^ C set [T]) = , , 

T^i (y) ecL[rL,ye bL] and r^, (z) e bL [rL,y e cL] 

This says that in order to interpret emTT-type equality into mTT we need to restore the missing 
canonical isomorphisms and hence to prove suitable decidable mTT judgements. 

Another example, already studied in |Mar841 IMar85[ IVal95| , is the interpretation of the validity of a 
proposition A prop [F], expressed by the emTT judgement true € A, as the existence of a proof-term: 

emTT mTT 
/(true E A) = there exists p E A^ 
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In other words to interpret the vahdity of a proposition we need to restore a proof-term of its mTT- 
interpretation. 

Such considerations reveal that the hnk between our two levels is not then a merely interpretation 
of the extensional level into the intensional one. Instead, the extensional level is designed over the 
intensional one only by forgetting information about equality between types and terms that can be restored, 
and hence it is implemented only via a quotient construction performed on the intensional level. 

Therefore, this kind of two-level foundations rules out examples of two-level foundations where the 
extensional level is governed by a classical logic that is interpreted in the intensional one, like mTT, via 
a double-negation interpretation. 

5 Future work 

Given that emTT is not at all the internal language of our quotient model Q(mTT), we would like to 
find out whether such an internal language exists in terms of an extensional dependent type theory. 
In particular, it would be useful to find the internal language of the quotient model Q(MLTT) built 
over Martin-L6f 's type theory in an analogous way to Q(mTT). An application of this would be to 
extend emTT with occurrences of the axiom of choice that are constructively admissible. Indeed, whilst 
the propositional axiom of choice is generally constructively incompatible with emTT, as recalled in 
section 14. 2[ there are extensional sets on which we can apply the axiom of choice without loosing 
constructivity, as advocated by Bishop in |Bis67j . For example, in the quotient model Q(MLTT) over 
Martin-L6f 's type theory the axiom of choice is valid on those extensional sets whose equivalence relation 
is the identity relation, including, for example, the extensional set of natural numbers. These extensional 
sets are actually copies of intensional sets at the extensional level. 

We think that knowing the internal language of Q(MLTT) in terms of an extensional dependent type 
theory a la Martin-Lof would help to characterize such intensional sets in emTT without stating their 
existence in a purely axiomatic way in the style of Aczel's Presentation axiom in [ARj . 
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6 Appendix: The typed calculus mTT 

We present here the inference rules to build types in mTT. The inference rules involve judgements 
written in the style of Martin-Lof's type theory |Mar841 lNPS90j that may be of the form: 

A type [V] A = B type [F] a e A [T] a = be A [T] 
where types include collections, sets, propositions and small propositions, namely 



For easiness, the piece of context common to all judgements involved in a rule is omitted and typed 
variables appearing in a context are meant to be added to the implicit context as the last one. 



2003. 



95:33-48, 1984. 



type G {col, set, prop, props } 
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Note that to write the ehmination constructors of our types we adopt the higher order syntax in 
|NPS90j Fl. 

We also have a form of judgement to build contexts: 



r cont 



whose rules are the following 

9 cont p_^ Atype[r xeA] ^ ^ ^ 

r,x £ A cont ^ ' 

Then, the first rule to build elements of type is the assumption of variables: 

, r, x £ A, A cont 

var) — — —- 

' a; G A [r,x e A, A] 

Among types there are the following embeddings: sets are collections and propositions are collections 

A set • + n ^ P™P 

set-into-col) — — prop-into-col) 



A col A col 

Moreover, collections are closed under strong indexed sums: 

Strong Indexed Sum 

^ ^, C(x) col\x£B\ beB c£ C{b) C{x) col [x e B] 



E-E) 



C-E) 



iC{x) col {b,c) eT,a,eBC{x) 

M{z) col [z e E,esC(a;)] 

d e Y^^^bC{x) m[x, y) £M{{x,y)) [x € B,y e C{x)] 
Els{d,m) G M{d) 

M{z) col [z G E,gsC(a;)] 

b£B c G C{b) m{x, y) G M{{x, y)) [x € B,y e C{x)] 



Els{{b,c),m) = m{b,c) G M((6,c)) 
Sets are generated as follows: 



a G No A(x) col [x G N, 



empo(a) G A{a) 

t e Hi M{z) col [z e Ni] ceM{-k) 
ElNi{t,c) G M(t) 



Empty set 

F-Em) No set E-Em) 
Singleton 

S) Ni set I-S) ★ G Ni C-S) 

Strong Indexed Sum set 

C{x)set [xeB] 
E^eBCix) set 

®For example, note that the elimination constructor of disjunction El\j{w, ag, ac) binds the open terms as(x) £ A [x £ 
B] and ac{y) £ A [y £ C]. Indeed, given that they are needed in the disjunction conversion rules, it follows that these open 
terms must be encoded into the elimination constructor. To encode them we use the higher order syntax as in |NPS90) 
(see also IGuiOSH . According to this syntax the open term ag{x) £ A [x £ B] yields to {x £ B)ag(x) of higher type 
(x £ B) A. Then, by r;-conversion among higher types, it follows that {x £ B)aB{x) is equal to ag- Hence, we often 
simply write the short expression as to recall the open term where it comes from. 
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List set 

„ , C set T N ListiC) set ^ ,. , s G List{C) c£C 

F-list) , . Ii-list) /. ',. l2-list) 7 , \. 

' Ust{C) set ' e€List{C) ' cons{s, c) € List{C) 

L{z) col [z e List{C)\ s G List{C) a G L{t) 

^ J. , l{x,y,z) G L(cons(a;,i/)) [a; G List{C),y e C,z€ L{x)] 
ElList{s,a,l) e L{s) 

L{z) col [z G List{C)] a G L(e) 

^ ^.^^ l{x,y,z) G L(cons(a;, j/)) [a: £ List{C),y gC,z€ L{x)] 
^''^ Elust{e,a,l)=a£L{e) 

L{z) col [z G Lisf(C)] s G Lisf(C) c G C o G -L(e) 
^ j.^^ l{x,y,z) G L(cons(x, ;/)) G List(C),y eC,z € L{x)] 

ElListicons{s,c),a,l) = l{s,c,ElList{s,a,l)) G L(cons(s,c)) 

Disjoint Sum set 

, B set C set , be B B set C set , c€C B set C set 

B + C set inl(6) eB + C inr(c) G S + C 

Aiz) col [zeB + C] 
^ we B + C aB{x)€ A{\n\{x)) [x G B] ac{y) G A{\m{y)) [y G C] 

El+{w,aB,ac) € A{w) 

A(z) col [zeB + C] 

b e B UB[.r) e ,l(inl(,i-)) [,,: e B] ucijj) e -l(inr(,y)) [y fc C] 



£;/+(inl(6), OS, oc) =as(6) G ^(inl(c)) 

A{z) col [z£B + C] 

c G C aB{x) e A{\n\{x)) [x £ B] ac{y) G A(inr(y)) [y G g] 
El+{\nr{c),aB,ac) = ac(c) G ^(inr(c)) 

Dependent Product set 

p C{x) set [x€ B] B set ^ c{x) G C{x) [x £ B] C{x) set [x e B] B set 
U^eBC{x) set ' Xx'^ .c{x) G n^esC(a;) 

b€B fGU^esCix) 



/3C-n) 



Ap(/,6)GC(6) 

b G B c{x) G C(a:) [g G B] C{x) set [x € B] B set 
Ap(Aa;^.c(a;),6) = c(6) G C(6) 



Propositions are generated as follows: 
Falsum 

T^T^Ni t^t^n"^-'-^ prop 

F-Fs) ± prop E-Fs) — ^-—^ 

ro(o) G A 

Disjunction 

, B prop C prop , b £ B B prop C prop , c G C B prop C prop 

' BVC prop inlv(6) eBVC ^"^^ inrv(c) SBVC 
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A prop 

weBVC aB{x)eA[x€B] ac{y) e A [y € C] 
El\/{w,aB,ac) £ A 

A prop B ) 

Ci-V) 



A prop B prop C prop 

beB aBix)£A[xeB] ac{y)eA[y£C] 



Mv(inlv(b), as, ac) = as(6) £ A 

A prop B prop C prop 
^ ceC aB{x)€A[x€B] acjy) e A [y € C] 

£JZv(inrv(c),OB,oc) = oc(c) € A 

Conjunction 

, B prop C prop , b € B c € C B prop C prop 

' BAG prop (6,A c) eBAC 

E,-A) E.-A) 

TT^id) e b TT^{d) e C 

b € B c € C B prop C prop an \ b € B c £ C B prop C prop 

^''''''^ ^n{b,.c))=bsB .?((Vc))=ceC 

Implication 

B prop C prop 



I—) 



B ^ C prop 

c{x) eC [x eB] B prop C prop ^ b£B f € B C 
X^x'^.cix) €B^C ^' Ap^(/, 6) € C 

b € B c{x) € C [x £ B] B prop C prop 



Ap^{X^x^.c{x),b) = c{b) eC 
Existential quantification 

p C{x) prop [x € B] J b€ B c € C(b) C{x) prop [x € B] 
3xeBC{x) prop (6,3 c) € 3xesC(a;) 



E-3) 



C-3) 



M prop 

d£3xeBC{x) m{x,y) £ M [x e B,y £ C\x)] 
El3{d,m) € M 

M prop C{x) prop [x £ B] 

beB c € C{b) m{x, y) e M [x £ B,y € C{x)\ 



El3{{b,3 c),m) = m{b,c) £ M 
Universal quantification 

C{x) prop [x € B] c{x) £ C{x) [x £ B] C{x) prop [x 6 B] 

" V,6sC(a;) prop ' ' X^^x^ .c{x) € y^eBC{x) 

g b€B fe^^esCix) b € B c{x) g Cjx) [x € B] Cjx) prop [x € B] 

Apv(/,6) eC(6) ' ' Apv(Avx^.c(x),6) = c(6) e C(&) 
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Propositional Equality 



Acol a£A b€A ^ ^ a e A 

F-id) — TTTi — rrz:— — I-W) 



E-Id) 



C-Id) 



\d{A, a, b) prop idA(a) £ ld(A, a, a) 

C{x, y) prop [x : A,y & A] 

aeA be A pG\d{A,a,b) c{x) G C{x,x) [x e A] 
Elu{p, {x)c{x)) € C{a,b) 

C{x,y) prop [x : A,y e A\ 
a e A c{x) e C{x, x) [x e A] 



_E/id(idA(a), {x)c{x)) = c(o) e C(a, a) 



Then, small propositions are generated as follows: 

B props C props B props C props B props C props 



_L props 



By C props B ^ C props BAG props 

C{x) props [x e B] B set C{x) props [x e B] B set A set ae A be A 
JxeBC{x) propa \/xeBC{x) props \6{A,a,b) props 

And we add rules saying that a small proposition is a proposition and that a small proposition is a set: 

. , Aprops . ^ ^, Aprops 

props-into-prop) — props-into-set) 



A prop A set 

Then, we also have the collection of small propositions and function collections from a set toward it: 

Collection of small propositions 

F-Pr) props col I-Pr) 401. E-Pr) 

' ^ 'Be props B props 

Function collection to props 

F-Fun) I-Fun) ^ ^ -B] Bjet 

B -> props col \x .c{x) eB ^ props 

E-Fun) ''^^,/,t^^P^°P- /3C-Fun) c(.) E props [x € Bjet 

Ap(/,6) e props Ap(Aa;^.c(a;),6) = c(6) e props 

Equality rules include those saying that type equality is an equivalence relation and substitution of equal 
terms in a type: 

A type A = B type A = B type B ^ C type 

' A = A type ' B = A type ' A = C type 



subT) 



C{X1, Xn) type [Xl € Al, . . . , Xn e A„{xi, . . . , Xn-l) ] 

ai =bi e Ai ... a„ = b„ e A„{ai, . .., a„_i) 



C(ai, . . . , a„) = C(6i, . . . , 6n) type 

where type e {col, set, prop, prop, } with the same choice both in the premise and in the conclusion. 
For terms into sets we add the following equality rules: 
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a£A . a = b £ A . a = b€ A b = cgA 

I'^f) — „ ^ A sym) — — — tra) ■ 



sub) 



a = a € A b = a € A a = c € A 

C{X1,. . . , Xn) e C(X1, . . . ,Xn) [xi € Al, . . . , Xn € An^Xl, . . . ,Xn-l)] 

ai = 61 e ^1 ... a„ = bn € An{ai, . . . , o„_i) 

c(ai, . . . , o„) = c(6i, . . . , 6n) € C{ai, . . . , an) 



, a€ A A = B type , a = b e A A = B type 

conv) conv-eq) ; 

^ a£B a = b€B 

We call rtiTTset the fragment of mTT consisting only of judgments forming sets, small propositions 
with their elements. 

Finally, the calculus mTT'^^ is obtained by extending mTT with generic dependent collections: 



Dependent Product collection 

C{x) col \x e B] 
n^esCix) col 

beB feu^^BCjx) 

'^''^> Ap(/,6)eC(&) 



c(x) e C{x) [x g B] 

\X^.C{X) e Ila:eBC{x) 

beB c{x) € C{x) [x £ B] 
Ap(Aa;^.c(x), b) = c{b) e C(6) 



Note that in mTT'^P function collections toward props are clearly a special instance of dependent 
product collections. 

7 Appendix: The typed calculus emTT 

Here we present the calculus emTT. To build its types and terms we use the same kinds of judgements 
used in mTT, namely 

A type [r] A = B type [T] a € A [T] a = b€A [T] 

where types include collections, sets, propositions and small propositions: namely 

type € {col, set, prop, props } 



Contexts are generated by the same context rules of mTT. Also here note that the piece of context 
common to all judgements involved in a rule is omitted and that typed variables appearing in a context 

arc meant to be added to the implicit context as the last one. 
Collections arc closed under strong indexed sums: 

Strong Indexed Sum 

^ ^, C{x) col [x€B] b€B ce C(b) C{x) col [x € B] 



E-S) 



C-S) 



jC{x) col (b,c) GT,^eBC{x) 

M{z) col [z e E^gsC(a;)] 

d € T,^eBC{x) m{x,y) € M{{x,y)) [x€B,y€ C{x)] 
Els{d,m) € M{d) 

M{z) col [z e S,esC(a;)] 

beB ceCib) m{x,y) £ M{{x,y}) [x e B,y eC{x)] 
Els{{b,c),m) = m{b,c) £ M{{b,c}) 
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Sets are generated as follows: 



Empty set 

F-Ern) No set E-Em) " ^ Np A{.) col [. ^ Hp] 

empo(o) G A{a) 

Singleton set 

S) N, set IS) . e N, C-S) ^ € M j^) col [. e N,] c e M {.) 
' ' ' ElH,{t,c) £ M{t) 

Strong Indexed Sum set 

^ C{x) set [x £ B] 
T,xeBC{x) set 

List set 

^ ^, C set ^ ^, ListiC) set ^ ,• « G ListiC) ceC 

F-hst) ^ . ^ , — - Ii-list) ^ . l2-list) ' ' . ^ 

' List(C) set e€ List(C) cons(s, c) £ List{C) 

L{z) col [z e ListiC)] s e List{C) a G L{e) 

g J. . l{x,y,z) G L{cons{x,y)) [x G List(C),y eC,z G L{x)] 
''^ ElListis,a,l) € L{s) 

L{z) col [z G List(C)] a G L{t) 

^ ^.^^ l{x,y,z) G L(cons(a:,i/)) [a G List{C),y e C,z€ L{x)] 
^ ElListie, a,l) = ae L{e) 

L{z) col [z G List{C)] s G List{C) ceC a G L{e) 
^ j.^^ l{x,y,z) G L(cons(a::,y)) [x G List{C),y eC,z € L{x)] 

ElList{cons{s,c),a,l) = l{s,c, ElList{s,a,l)) G I/(cons(s, c)) 

Disjoint Sum set 

, B set C set , 6 G B B .set C set , c G C B set C set 

' B + C set '""^^ inl(6) G B + C ^'"""^ inr(c) G B + C 

coi [a G B + C] 

^ w G B + C aB(a:) G A(inl(a:)) [x € B] acjy) G A{\nr{y)) [y G C] 

BZ+(w,os,oc) G A{w) 

A{z) col [z G B + C] 

b G B asix) G ^(inl(x)) [x G B] ac(y) G ^(inr(y)) [y G C] 
'■"'"^ BZ+(inl(6), OS, oc) =as(6) G A(inl(c)) 

A{z) col [z G B + C] 
^ cGC asix) e A{\n\{x)) [x e B] ac{y) e A{\m{y)) [y e C] 

^ El+{\nr{c),aB,ac) = ac{c) G A(inr(c)) 
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Dependent Product set 

^ C{x) set [x e B] B set ^ c{x) € C{x) [x G B] C{x) set [x £ B] B set 



E-n) 



U^eBC{x) set Ax^.c(x) € n^6sC(a;) 

6£B / £ n:,eBC'(a:) 
Ap(/,6)€C(6) 



beB c{x) € C{x) [x € B] C{x) set [x e B] B set 
Ap(Aa;^.c(a;),6) = c(6) € C(6) 



Ax".Ap(/,x) = / G na;6i3C(a;) 
Quotient set 

A set R(x,y) € props [x € A,y € A\ 

true G 7?(a;, a;) [x G ^] 

true G R{y,x) [x € A, y £ A, u e R(x,y)] 

true e R{x,z) [x e A, y € A, z e A, 

u G R{x,y), V G 



Q) 



A/i? set 



.aeA A/Rset , ogA be A true e R{a,b) A/Rset 



E-Q) 



C-Q) 



[o] G A/R ^ [o] = [6] G A/i? 

L(2) col [z G A/7?] 

pGA/il l{x) € L{[x\) [x € A] l{x) = l{y)£L{[x\)[x£A,y£A,d€R{x,y)] 

EIq{p,1) e L{p) 

L{z) col [z G A/R] 

aeA l{x) € L{[x]) [x € A] l{x) ^ l{y) e L{[x]) [x £ A,y S A,d € R(x,y)] 



EIq{1, [a]) = l{a) G L([o]) 
Effectiveness 

o G A 6 G A [a] = [6] G A/R A/R set 



eff) 



true G R{a, b) 



ertiTT propositions are mono, namely they are inhabited by at most a canonical proof-term; 

, A prop p £ A q£ A A prop p £ A 

prop-mono) — prop-true) 



p = q€ A ^ ^ ' true G A 

Propositions are generated as follows: 
Falsum 

X I \ true G -L A prop 

F-Fs) ± prop E-Fs) f- — - 

^ ' true G A 

Extensional Propositional Equality 

C col ceC dec c£C trueG Eq(C,e,d) 

^' Eq(C, c, d) prop ^' true G Eq(C, c, c) ^' c = deC 

Implication 

p, B prop C prop ^ ^. true G C [x G -B] B prop C prop 

' ^' B prop ' ^' true € B^C 

^ ^ , true G B true e B 

E-Im) 

' true G C 
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Conjunction 



p , B prop C prop ^ , true € B true 6 C7 B prop C prop 
' B AC prop " ' true €B AC 

^ true € SAC ^ true £ S A C 

Ei-A) — E2-A) -; — 

' true € B ' true € C 

Disjunction 

, B prop C prop , true £ B B prop C prop > true £ C B prop C prop 

' Bye prop ' true € S V C ' true € B V C 

A prop true & By C true £ A[x £ B] true € A [t/ e C] 
true € A 

Existential quantification 

^ C[x) prop [x &B] b€ B true £ C(b) C{x) prop [x £ B] 



E-V) 



E-3) 



3xesC(a;) prop true £ 3xesC(a;) 

M prop true £ 3a!esC(a;) true £ M [a; £ B, j/ £ C7(x)] 



true £ M 
Universal quantification 

vj\ '^(^) P'^°P [x eB\ true £ C{x) [x £ B] C{x) prop [x £ B\ 



E-V) 



yxeBC(x) prop true £ VxgBC(a;) 

&£B true £ Va;e-BC'(a:) 
true £ C(6) 



As in mTT, small propositions are generated as follows: 

B props C props B props C props B props C props 



± props 



By C propa B ^ C props B AC props 

C{x) props [x e B] B set C{x) props [a; £ B] B set A set a e A b e A 
JxeBC{x) e props 'ixeaC^x) props Eq{A,a,h) props 

Contrary to mTT, in emTT we do not have the intensional collection of small propositions but the 
quotient of the collection of small propositions under equiprovability representing the power collection 
of the singleton: 

Power collection of the singleton 

F-P) Vil) col I-P) cq-P) ^^^^^B^C [B]^[C\^V(1) 

> ' ""^ > [B] £ P(l) [B] = [C] £ P(l) ^ ' true £ B ^ C7 

,.P) z±m 

" > U=lEq{V{l),U, [tt])] 
where tt s ± — » ± represents the truth constant. 



Then, we have also function collections from a set toward ■P(l): 
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Function collection to ^(l) 

FFc) ^ '""^ IFc) c(^) ^ ^(^) i^^B] B set 
' B^T{l)col ' Xx" .c{x) £ B ^V{1) 

h&B feB^Vjl) b £ B c{x) g V{1) [x&B] B set 

' Ap(/,6) ePCl) ^ ' Ap(Aa;^.c(a;),&) = c(6)€P(l) 

A.^.Ap(/,lfr/?B ^ P(i) - ^) 



Then, as in mTT we add the embedding rules of sets into coUections set-into-col, of propositions into 
collections prop-into-col, of small propositions into sets propg-into-set and of small propositions into 
propositions props-into-prop. 

Moreover, we also add the equality rules ref), sym), tra) both for types and for terms saying that type 
and term equalities are equivalence relations, and the rules conv), conv-eq). 

Contrary to mTT, we add all the equality rules about collections and sets saying that their constructors 
preserve type equality as follows: 



Strong Indexed Sum-eq Function collection-eq 

Cix) = Dix)col [xGB] B = Ecol . B = E set 

^ ' T,^eBC{x) = T,^eED{x)col ^ ' B ^ V{1) = E ^ V{1) col 



Lists-eq Strong Indexed Sum set-eq 

pn list^ C = Dset C{x) = D{x)set [x & B] B = E set 

^ ' List(C) = List{D) set ^ Y,^^bC{x) = T.^eED{x) set 

Disjoint Sum-eq Dependent Product-eq 

B = D set C = E set , C{x) = D{x) set [x € B] B = E set 

B + C = D + E set ' n^gsC(a;) = U^eED{x) set 

Quotient set-eq 

A = B set R{x,y) = S{x,y) props [x e A,y e A] Equiv(_R) Equiv(S') 



eq-Q) 



A/R = B/S set 



Then, emTT includes the following equality rules about propositions: 



Disjunction-eq Implication-eq 

> B = D prop C = E prop , B = D prop C = E prop 

' ByC = Dy E prop B^C = D^E prop 



Conjunction-eq Propositional equality-eq 

^-v B = D prop C = E prop A = E col a = eeA b = ceA 

B AC = DAE prop ^^-^l) Eq{A,a,b) = Eq{E,e,c) prop 



Existential quantification-eq Universal quantiflcation-eq 

C{x) = D{x) prop [xeB] B = E col C{x) = D{x) prop [x £ B] B = E col 

^'^ 3xeBC{x) = 3xeED{x) prop ^ '^xeBC{x) = yxf=ED{x) prop 
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Analogously, we add eq-V), eq — >), eq-A), eq-Eq), eq-El), eq-V) restricted to small propositions. 
Moreover, equality of propositions is that of collections, that of small propositions coincides with that 
of props and is that of propositions and that of sets: 

, A = B prop A = B props „s B e props 

prop-into-col eq) — „ , prop^-eql) -— props-eq2 — 

' B col A = B £ props A = B props 

, A = B props . ^ A = B props 

props-into-prop eq) props-into-set eq) 



A^B prop ^-^^ ' A = B set 



Equality of sets is that of collections: 
A^ B set 



set-into-col eq) 



A = B col 



Contrary to mTT, also for terms we add equality rules saying that all the constructors preserve equality 
as in |NPS90j . 

, ^, h = h' £B c = c a C(b) C(x) col [x G B] 
I-eq E) — — 



{b,c) = {b',c') G E,6sC(x) 
M(z) col [z G E^eBCix)] 

d = d' G E,eflC(a;) m{x,y) ^ m' {x,y) £ M{{x,y)) [x £ B,y £ C{x)] 

E-eq E) ; ; 

' Els{d,m) = Els{d',m') £ M{d) 

^ , a = a' G No A(x) col [x G No] ^ t = t' £ Ni M{z) col [z G Ni] c = c' G MM 
E-eq Em) — ' ' a, s E-eq S) — ' — 



h-eq list) 



empo(a) = empo(a') e ^(ffl) ElN^it, c) = ElN^it' ,c') £ M{t) 

s^s' £ List{C) c^c £C 



E-eq list) 
I-eq Q) 



cons(s,c) = cons(s ,c ) G List{C) 

L{z) col [z £ List{C)] s = s' £ List{C) a = a £ L(e) 
l{x,y,z) — l'{x,y,z) £ L{cons{x,y)) [x £ List{C),y £C,z £ L{x)] 
ElList{s,a,l) = Elustis' ,a' ,l') £ L{s) 

a £ A A/R set 



[a] = [a] £ A/R 

H 

E-eq Q) 



L{z) col [z £ A/R] 

p = p' £ A/R l{x) = l'{x) £ L{[x]) [x £ A] l(x) = l{y) £ L{[x\) [x £ A,y £ A,d£ R{x,y)] 



EIq{p,1)^EIq{p',1')£L{p) 
^ . b = b' £ B B set C set ^ . c = c £ C B set C set 

+ ) ■■ 77^ ■■ _ „ , ^ ^2- + ) 



inr(fe) = inr(6') G B + C inl(c) = inl(c') G B C 

A 
d 



A(z) col [z £ B + C] 

d = d' £B + C asix) = a's(x-) G A{\n\{x)) [x £ B] ac(y) = a'dy) £ ^(inr(y)) [y £ C] 



El+{d,aB,ac) = El+(d ,03,0^) G Aiw) 

J c{x) = c'{x) £ C{x) [x £ B] C{x) set [x £ B] B set ^ b = b' £ B f = f £ YI^^bC{x) 

'"""^ ' \x^.c{x) = \x''.c^{x)£n^eBC{x) "^"^ ^ Ap(/,6) = Ap(/',6')eC(&) 

lenFc) ^(^) = ^'(^) g ^(1) e B set ^ b = b' £ B f = f'£B-.V{l) 

' \x''.c{x) = \x^.c'{x)£B^V{l) ' Ap{f,b)=Ap{f',b')£Vil) 
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Note that I-eq H) is the so called f-rule in |Mar75| . 

We call emTTsei the fragment of emTT consisting only of judgements forming sets, small proposi- 
tions with their elements. 

Finally, the calculus emTT'^P is obtained by extending emTT with generic dependent collections and 
quotient collections: 

Dependent Product Collection 

C{x) col [x e B] c{x) e cjx) [x e B] beB fen^^BCix) 



n^eBC{x)col Aa:^.c(a:) Gn,6sC(x) ' Ap{f,b)eC{b) 

b g B dx) g dx) [X e B] ^^L£iI-|^(^L^(, not free in f) 



Quotient collection 



true G R(x,x) [x G A] 
true G R(y,x) [x £ A, y £ A, u £ R{x,y)\ 



R(x,y) prop \x £ A,y € A, r,/ n r a a a 

^^^1 f f ^ ' y J true G -R(x, z) [x € A, y £ A, z € A 



u G R{x,y), V G R{y,z)] 



^ ' A/R col 

.a£A A/R col aeA be A true eR{a,b) A/R col 

H G A/R ^'^"^^^ [a] = [b] G A/R 

L{z) col [z G A/R] 

peA/R l{x) e L{[x]) [x e A] l{x) = l{y) e L{[x]) [x e A,y e A,d e R{x,y)] 

EIq{p,1) G L{p) 

L{z) col [z G A/R] 

a£A l{x) € L{[x]) [x € A] l{x) = l{y) £ L{[x]) [x £ A,y e A,d £ R{x,y)] 



E-Q,) 



ElQ{[a],l)^l{a)£L{[a]) 

Effectiveness 

a£ A b£ A [a] = [b] £ A/R A/R col 



eff, 



true G R{a, b) 



Then, we also add the corresponding equality rules about dependent product collections and about 
quotient collections as eq-II), I-eq IT), E-eq 11) eq-Q), I-eq Q), E-eq Q). 

Note that in emTT''^' function collections toward Vil) are clearly a special instance of dependent 
product collections. 

8 Appendix: Interpretation of emTT into mTT 

Here we define the interpretation of emTT-type and term signatures as mTT-extensional dependent 
types and terms, respectively, by using canonical isomorphisms. This interprets the so called "raw 
syntax" in [Mai05| . namely the signatures of types and terms in emTT, in a partial way. Indeed, as 
it is well explained in [Str91| . we can not define a total interpretation by induction on the derivation 
of types and typed terms in emTT, because term equalities are involved in the formation of types and 
typed terms, and hence the interpretation would depend on the validity of equality which should instead 
follow as a consequence of the chosen interpretation. 
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Def. 8.1 (Interpretation of cniTT into niTT and of cmTT^P into mTT'^P) In the following we de- 
fine supports and related equalities of niTT (mTT'^P)-extcnsional dependent types interpreting emTT 
(emTT'^^')-type signatures, and mTT (mTT'^^')-extensional terms interpreting emTT (emTT''P)-term 
signatures, all by induction on their formation. They are both described under a context, since free 
variables are assumed to be typed. We also warn that, when we interpret a type or a term signatures 
depending on more than one term, we assumed to have matched the types of the already interpreted 
terms via canonical isomorphisms. 

The assumption of variable is interpreted as follows: 
{x€A)[T',xeA,A]y = xeA' [r',x€A',A'] 

Collection constructors are interpreted as follows: 
Power collection of the singleton : 

r{iy col [r'] = prop, [r^] 

and z —propyl z' = {z ^ z) A {z z) for z,z' € props 

cr|- (ui) = w for x,x' e ,w e props. 
([yl])^ = a' for A small proposition. 

Strong Indexed Sum : 

(S,6sC(j/))^ col [r'] = E^gBxC^(2y) col [V'] 

and z =s„^nC(yy ^' = ^de-.i(z)=^j^,(z') ^I^HM^)) =c'(ni(z')) M^') for z,z' £ (J^y^BCiy))'. 
{{b,d)y = {b',d^) und Els{d,my = Els{d^ , {wi,W2).m') 

a§-'{w) = EIe(w, (wi,u>2).{a|'(TOi) , o-^X^'™'' (^2) ) ) ioTX,x'£r' and w € {'Ey^BC{y)y {x). 
Dependent Product collection : 

{UyeBCiy)y col [V] = ^^^^^^^^chv) ^«i.«2efl^ ^dey,=^jy. (Ap(/i,J/i) ) =c^(,,) Ap(7i,y2) 

and a =n^^^,c(j,)^ ^' = ^y^B' Ap(7ri(a) , y) =c/(y) Ap(7ri(2;') , y) iov z,z' e {Ily^BC{y)y . 

{Xy^.cy ^ {Xy"' -c', p) where p eyy^^y^^B' ^<iey,=^jy. cr^TA^Hvi)) =cHy2) ^'(v^) 
(Ap(/,6))^ = Ap(7ri(/),6^~) 

af'H = {A2/'«'(-'). <;^(,,)(Ap(^iM, af,(t/'))), P) for e V and w G (HyeB C{y)y {x). 
where p is the proof-term witnessing the preservation of equalities obtained from 7r2(w). 

Function collection to 'P(l) : 

{B^V{1) col [r]y = S^gBi^p^p, V,^,,^gs. J/1 =Bi y2 ^ (Ap(fe,2yi) ^ Ap(/i,t/2)) 

and z z' = Vy^Bj Ap( 7ri(z) , i/) ^ Ap( tti («') , y) ior z. z' £ { B P{l)y 
{Xy^.cy = (Aj/^ -c' ,p) where p e Vj^j_j,2gB/ yi =bi y2 (c'iyi) ^ c'{y2)) 
(Ap(/,6))^ s Ap(7ri(/),6^') 

cr§' {w) = { Ay'^'f^') . ( Ap( TTi {w) , afriy') ) ), p > for cc' e and w € ( B ^ P(l) where p is the 

x' 

proof-term witnessing the preservation of equalities obtained from 772 (w). 

Quotient collection : 

(A/R col [r]y = A' col [r'] 

and z =A/R' z' = R'{z,z') for z,z' £ A' . 
{[a\) = a' and Elgipjy = l'(/) 

cr§ (w) is defined as the substitution isomorphism of AL [TL]. 
Now we give the interpretation of sets: 

Empty set : ( No set [r])^ = No set [T'\ 
and z =No' ^' = ld(No,0, «') for z,z' € Nq. 
(empo(a))^ = etnpo(a^) 
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(T§' (li)) = TO for X, x' G and to G Nq. 

Singleton set : ( Ni set [V]Y = Ni set [V'] 
and z =Mj/ z' = z, z') for z,z' £ Ni. 

= * and {ElNi{t,c)y = ElNi{t',c^) 
a§ (w) = TO for X, x' G and to G Ni. 

List set : (List(C) set [T])' = List{C') set [F'] 
and z =List(c') ^' defined as in theorem 14.201 
(e)^ = e and (cons(s,c))^ = cons(s^,c^) 
{Elust{s,a,l)y = Elustis', a', l') _ 

iw) = ElLiati/w , e, (1/1,1/2, z).cons( z , a§'(i/2) ) ) for x, x' G and to G {List{C) Yix). 

Disjoint Sum set : ( B + C set [F])' = B' + C' set [V'\ 
and z =B'+c' is defined as in theorem 14.201 

(ml(&))^ = \n\(b') and_(inl(c))^ = \n\{c') and {El+{d,aB,ac)y = El+{(f,al,al)) 
crf'(TO) = El+{w,{yi).a§'{yi), (j/2).crf' (ya) ) forx,^Gr^ and to G {B + CYix). 

Finally, Strong Indexed Sum set. Dependent Product set and Quotient set constructors with 
their terms are interpreted analogously to Strong Indexed Sums, Dependent Product collections and 
Quotient collections with their terms, respectively. 

Lastly, emTT-propositions are interpreted as niTT-extensional propositions whose support is similar, 
except for extensional propositional equality, and whose equality is trivial, namely if A prop [T] is a 
proposition then z z' = tt for all x £T' ,z,z' G A' (;x). Therefore in the following we just specify the 
support of their interpretation. 

Falsum: prop [V']) = ± prop [F'] 

(true G A)^ = ro{p) G A^ provided that p G -L is derived in mTT. 
a§ (w) = TO for X, x' G and to G -L. 

Extensional Propositional Equality: Eq(i3, 61,62) prop [F ] = 

( true G Eq(B, h, b) [F])' = rf\{b') G b' =^1 b' [F'] provided that b' G B' [F'] is derived in mTT. 
where a§' is that of b{ —gi 62 prop [F^] 

Implication: {B C)' prop [F^] = B' ^ C' prop [F^] 

(true G B ^ C [F] )^ = A^x^.c e B' ^ C' [F'] provided that c £ C' [F' ,y G B'] is derived in mTT. 

( true G C [F] )^ = Ap^(/,6) G C' [F'] provided that f £ B' ^ C' [F'] and b £ B' [F'] are derived in mTT. 

af{w) = e B^(x^).af {Ap^{w, a^{y))) tor x,^ eF' and w e (B ^ CYix). 

Conjunction {B A C)' prop [F^] = B' AC^ prop [F^] 

(true G B A C [F] )^ = (&,a c) G B^ A C' [V'] provided that & G B^ [F^] and c e C' [F'] are derived in mTT. 
(true G B [F] )' = Tvf{d) G B' [F'] provided that d£B' AC' [F'] is derived in mTT. 
(true G C [F] Y = {d) G C' [F'] provided that d£B' AC' [F'] is derived in mTT. 
(4{w) = {cr|^(7rf'(TO)),A cr|^(7rf'(TO))) forS,S^GF^ andTOG (BAC)^(^). 

Disjunction (B V CY prop [F^] = B' V C' prop [F'] 

(true G B V C [F] )^ = inlv(&) & B' V C' [F'] provided that 6 G B^ [F^] is derived in mTT. 

(true G B V C [F] )^ = inrv(c) £ B' W C' [F'] provided that c £ C' [F'] is derived in mTT. 

(true G A [F] Y = El^{d,aB,ac) £ A' [F'] provided that d £ B' V C' [F'], as £ A' [F^j/ G B'] and 

ac £ A' [F' ,y £ C'] are derived in mTT. 

erf' (to) = Ely{w, (yi).inlv(cr§'(j/i)), (|/2).inrv( af' (ya) ) ) for S,^ G F^ and to G (B V C)^(s). 



46 



Existential quantifier: {3y,^BC{y))'' prop [F^]) = ^y^B' C (y) prop [T^] 

(true € JyeBC^y) [T] )' = {b',3 c) £ ^y^B'C'{y) [V] provided that c G C'{b') [V] is derived in mTT. 

( true € M [r] Y = Ehid, m) € M' \r'] provided tliat d € 3y^BiC'{y) [V'] and m € M' [T' , y e B' , z e C 

are derived in mTT. 

a§'{w) = Ely{w, {y,z).{a§'{y) ■, 0"^'^^ («) ) ) forx,i^Gr^ and w e ( Byes C(2/) 
Universal quantifier: (VyeBC(y)^ prop [T^]) = y^BtC\y) Prop [T^]) 

(true e Vy6BC(j/) [r] Y = Avy^.c e Vj,gs/C^(y) provided tiiat c e C^(j/) [T^y G is derived in mTT. 
(true G C(&) [r] )^ = Apv(/,fe^) G C\\Y) [F^] provided that / G 'iy^B'C\y) [r^] is derived in mTT. 
at{w) = Avt/^'(^^ <;^(^j( Apv(w, cr^iy)) ) for x,^ € and w € (V^sb C(j,) )^(x). 
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